McKenzie Health System in Sandusky, MI, has just begun informing 25,318 individuals regarding the theft of some of their protected health information (PHI) due to a recent security incident that interrupted the operations of a number of its systems. The provider detected the suspicious activity inside its IT systems on March 11, 2022 and took immediate steps to protect those systems. A third-party investigator was involved to find out the nature and extent of the data breach.
The investigation confirmed that an unauthorized person had acquired access to its system and exfiltrated data files. It was confirmed on April 22, 2022 that the analyzed files included patient data like names, contact details, demographic data, birth dates, diagnosis and treatment data, prescription details, medical record numbers, names of providers, dates of service, medical insurance details, and/or Social Security numbers.
In the notification letters sent by McKenzie Health System, the affected persons received some details on the steps they ought to do to safeguard their personal data and PHI against misuse. The provider also offered free credit monitoring and identity protection services to those whose Social Security numbers were compromised or exposed. Extra safety and technical security steps were enforced to better secure sensitive information and to strengthen the tracking of its systems.
Recent Ransomware Attack Reported by Omnicell in SEC Filing
Omnicell based in Mountain View, CA, a company offering medication management systems, lately revealed that it suffered a ransomware attack in an 8-K filing with the Securities and Exchange Commission (SEC). The company discovered the ransomware attack on May 4, 2022, which led to taking certain internal IT systems offline.
Omnicell stated it is still looking into the attack and the complete impact is not yet sure. However, the attack has affected a number of the products and services of the company. Omnicell had taken prompt action upon detection of the attack to stop continuing unauthorized systems access. The company’s business continuity plans had been executed, and its systems are being restored. At the present level of the investigation, Omnicell cannot ascertain the effect of the attack on the company, the outcomes of operations, or the financial effect of the ransomware attack. It cannot determine as well if there will be a material negative effect. Third-party cybersecurity specialists were involved and are helping with the investigation and restoration and the cyberattack was reported to police authorities.
Omnicell additionally just filed its quarterly revenue with the SEC. Its 10-Q form revealed that substantial interruptions to its IT systems may negatively impact the business, considering that the company depends on its IT systems for financial and company data storage, internal and external communications, and managing critical business operations.
Omnicell stated that it makes backups and keeps them safely off-site. However, the business could be negatively impacted if it turns out it cannot bring back systems and data files from backups in an appropriate time period and the company would additionally be badly impacted in case a data theft happened that led to the loss of intellectual property. It’s uncertain at this time whether any sensitive information was stolen before file encryption.