Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016.

The extortion attempt occurred in September 2017 when hackers gained access to SMART systems, allegedly stole data, and required a ransom payment from the group to prevent the information from being published online.

SMART provided no indication was provided in the breach notification letters to suggest the ransom was paid, although the group has informed its patients that there is “no reason to believe that the data has been or will be used for further nefarious purposes.”

The the FBI and Homeland Security have investigated the attack. However, the details of these investigations have not been released. SMART attempted to obtain a copy of the police report through the Freedom of Information Act. This had not been received before the time the notifications were broadcast.

There was no financial data or Social Security numbers among the information potentially stolen by the hackers, but insurance numbers and diagnostic codes were included.

6,000 Patients Notified by North Carolina DHHS of an Accidental Disclosure of PHI

The North Carolina Department of Health and Human Services discovered, on September 27 2017, that a spreadsheet containing the protected health information of around 6,000 individuals was sent, by mistake, to a partner in an unencrypted email. T

The partner was quickly contacted and instructed to safely delete the spreadsheet included with the email. NC DHHS has confirmed that the spreadsheet has been safely deleted, although affected persons have been informed that the email may have been been intercepted in transit by unauthorized people. The chance of interception of the email or the misuse of any information in the spreadsheet is believed to be extremely low.

Names, test results, and Social Security numbers of individuals who had undergone routine drug screening tests were contained information on the spreadsheet. The tests had been conducted on individuals who had applied for employment with NC DHHS.

NC DHHS is, at present, conducting a review of its internal processes to make sure  incidents like this do not happen again.