Email Account Breach Reported by McKenzie County Healthcare System
McKenzie County Healthcare System located in North Dakota has discovered unauthorized access to the email account of a staff member. The breach was discovered on or about October 5, 2023, and the forensic investigation showed that an unauthorized person viewed one email account from October 2 to October 5, 2023.
An analysis was performed of all email messages and attachments in the account. It pointed out that the protected health information (PHI) of 21,000 individuals had been compromised. The breached information included names, addresses, medical data, and health insurance details. No information was identified that shows the misuse of any of that information.
Email Account Compromised at Maryville Addiction Treatment Centers
Maryville Addiction Treatment Centers based in New Jersey have begun informing 155,03 individuals regarding the compromise of an employee email account. The data breach was noticed on or about August 22, 2023, and the forensic investigation showed unauthorized access to the email account between August 21, 2023 and August 22, 2023.
The assessment of the account affirmed the compromise of this information: complete names, medical treatment details, medical insurance data, Social Security numbers, birth dates, financial account details, and government ID. Maryville stated there is no evidence that any of the compromised data was misused.
Approximately 100,000 Individuals Impacted by Egyptian Health Department Cyberattack
Egyptian Health Department (EHD) based in Eldorado, IL, lately reported a data breach impacting approximately 100,000 patients. EHD experienced a cyberattack on December 21, 2023, and though the forensic investigation is in progress, proof suggests that an unauthorized individual accessed folders on its network. Those folders included files that contained patients’ protected health information (PHI) and staff information.
The compromised patient data included names, dates of birth, health information, and medical insurance claims details. The breached employee data were names, driver’s license numbers/ other government IDs, Social Security numbers, financial account data, and/or insurance details. EHD is still checking out the incident to identify the possibly affected staff and patients and will send notifications when that procedure is done.
EHD performed a few steps to strengthen security, such as making new domain controllers, changing the SMB network shares of the domain controllers to another virtual machine, doing permission audits on shared folders, restricting Sharepoint Server to internal access only, adding Sentinel One and Huntress on all equipment, and employing password protection on spreadsheets having PHI.
MOVEit Hack Affects Forward Healthcare’s Business Associate
Forward Healthcare has reported that the PHI of 3,999 patients was exposed in a cyberattack that occurred on Philips Respironics, its business associate. On December 20, 2023, Philips Respironics advised Forward Healthcare that data was breached in a May 31, 2023, cyberattack that allowed access to its Care Orchestrator and Encore Anywhere software tools following the exploitation of a zero-day vulnerability in the MOVEit Transfer software. The information likely stolen during the attack contained names and private data and healthcare data.
Cencora Reports Cyberattack and Data Theft
The Fortune 500 pharmaceutical business, Cencora, mentioned in a Securities and Exchange Commission (SEC) filing that it had suffered an attack and data was extracted from its system. Cencora stated the attack didn’t have a material impact on its operations, however, it is too soon to say whether or not the incident is going to have any material effect on its financial circumstance.
Cencora mentioned it found unauthorized activity in its systems and took speedy action to secure the danger and filed an incident report to the authorities. Third-party cybersecurity professionals were involved to aid in the investigation. Data theft was established on February 21, 2024, nevertheless, there is still no report regarding the nature of the affected records.
California Department of State Hospitals Warns Patients Concerning the SSN Compromise
The California Department of State Hospitals Atascadero (DSH-A) has begun informing many patients concerning a security incident uncovered on February 15, 2024 that led to the breach of Leave and Activity Balance (LAB) reports. The reports were distributed to DSH-A staff to be used in timesheet approval and comprised confidential data including names and Social Security numbers. DSH has started an investigation to find out if the reports were erroneously accessed and is working on preparing for free identity theft protection services to be given to the affected people. At this point, it is not clear how many persons were impacted.
