PHI Exposed in Tech Etch Ransomware Attack and UNC Hospitals Data Theft

Tech Etch located in Plymouth, MA makes precision-engineered thin metal pieces, versatile printed circuits, and EMI/RFI shielding. It has reported a ransomware attack that resulted in the potential compromise of the personal data and protected health information (PHI) of present and past workers.

Firms like Tech Etch wouldn’t commonly be demanded to conform to HIPAA; nevertheless, the organization offers a health package for its staff and, consequently, is classified as a HIPAA-covered entity.

Tech Etch became aware of the ransomware attack last August 25, 2021. The investigators confirmed that the hackers obtained access to its network on August 20. Tech Etch involved an external forensic cybersecurity squad to aid with the breach investigation, help safeguard its system, and avoid even more unauthorized access. Tech Etch had set backups that were not affected and were able to bring back all encrypted files without making any ransom payment.

A number of safety measures were enforced to protect employee’s personal data and protected health information, nevertheless despite those safety measures, several employee information might have been compromised. Tech Etch mentioned there was no direct information of data staging or exfiltration found and the investigation suggested the attackers hadn’t accessed the HR servers where employee data were saved. The hackers did attempt to gain access to information backups comprising employee data, nonetheless, Tech Etch had encrypted the backups and were not accessible. Certain employee data, including names, addresses, birth dates, Social Security numbers, and PHI, were found in its email system and might have been viewed or copied.

Tech Etch did not get any proof that any worker information was obtained or misused and it does not seem that any worker data were shared with the public.

Impacted personnel was informed to keep an eye on their explanation of benefits statements, accounts, and credit reports for indications of bogus activity and to promptly report any suspicious transactions when they are found. Tech Etch has already taken action to strengthen its security systems to avert more security incidents and will go on reviewing those practices to make sure they stay efficient.

Tech Etch already submitted a report of the ransomware attack to the Department of Health and Human Services’ Office for Civil Rights as well as the Massachusetts Attorney General. However, it is not yet known how many persons were impacted.

UNC Hospitals Uncovers Insider Breach and Data Theft

The PHI of 719 UNC Hospitals patients were ripped off by an ex-staff, who utilized the data for profit.

The healthcare organization based in Chapel Hill, NC uncovered unauthorized access last September 10, 2021. The worker involved was working on the patients’ bills for services at various UNC Hospitals clinics and was given access to sensitive patient information to carry out work assignments.

The employee took patients’ demographic details, financial data, copies of insurance cards, Patients’ Driver’s Licenses, and Social Security Numbers and employed those details to fraudulently acquire products and services.

Patients whose sensitive information was taken or misused by the ex-employee were advised by mail and were given one year of free credit monitoring services. The UNC Hospitals Police Department has started a criminal investigation of the incident.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.