DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the incident.
DataHEALTH mentioned it found out on December 30, 2021, that the threat actors got records from its servers by means of third-party applications employed by a number of its healthcare provider clients, containing patients’ PHI. DataHEALTH mentioned it hired a third-party software business to update credentials for all clients that make use of the software. Supplemental security standards were imposed to boost the protection of its network.
Though sensitive details were stolen, DataHEALTH stated it didn’t find any evidence that indicates the misuse of that information; nonetheless, as a preventative measure, impacted people were given complimentary credit monitoring and identity theft protection services and will be secured by an identity theft insurance policy worth $1 million.
The incident is not yet posted on the HHS’ Office for Civil Rights breach site, thus it is at this time not clear how many persons were affected.
JDC Healthcare Management
JDC Healthcare Management based in Dallas, TX, also called Jefferson Dental & Orthodontics, has lately reported the discovery of malware on selected company systems that enabled unauthorized persons to access and possibly extract sensitive patient data.
The malware was discovered on or about August 9, 2021, with the investigation affirming the download of malware onto its systems on July 27, 2021. By removing the malware, unauthorized systems access was averted on August 11, 2021.
JDC Healthcare Management conducted a thorough evaluation of all files stored on its systems that were potentially compromised. It was confirmed that they contained patient names, passport numbers, Social Security numbers, driver’s license numbers, state ID numbers, birth dates, clinical data, medical insurance data, and financial details.
The assessment was concluded on January 10, 2022. The healthcare provider sent notification letters to impacted persons, who were provided free credit monitoring and identity theft protection services.
The HHS’ Office for Civil Rights has not yet listed the incident on its breach portal, thus it is presently unknown how many persons were impacted.
Dr. Douglas C. Morrow
Dr. Douglas C. Morrow based in Auburn, Indiana has just reported that hackers acquired access to his IT systems and deployed ransomware to encrypt information. The incident happened on May 16, 2021, and a digital forensics company investigated the extent of the attack. The investigation affirmed on October 29, 2021, that threat actors got access to IT systems that stored patient information. Files that contain patients’ PHI were potentially exfiltrated before file encryption.
An analysis of those files was accomplished on December 8, 2021, and affirmed the potential theft of these types of data: names, addresses, driver’s license numbers, Social Security numbers, medical insurance data, Member/Medicaid ID numbers, treatment/diagnosis details, provider name(s), dates of service, medical record number(s), and patient account number(s). Dr. Douglas C. Morrow stated notification letters had been sent to impacted persons on February 23, 2022.
The HHS’ Office for Civil Rights has not yet posted the incident on its breach portal, therefore it is presently unknown how many persons were impacted.