Ransomware Attacks Reported by Victory Health Partners and Strategic Benefits Advisors

Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack

Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information and has possibly released them.

When Victory Health Partners discovered the attack, it shut down systems to control the incident and stop continuing unauthorized access. It launched a forensic investigation to find out the scope and nature of the ransomware attack which established the potential access of the attackers to the following types of patient data: name, Social Security number, address, birth date, and other protected health information (PHI). There were no health data like diagnoses, medical conditions, and other health information affected because Victory Health Partners even now makes use of paper charts.

Victory Health Partners has performed a comprehensive evaluation of current operations and IT systems and will take steps to enhance the security and confidentiality of its records. In addition, an external computer specialist advised the clinic regarding new systems and equipment to secure it against potential cyberattacks.

PHI Potentially Exposed in Strategic Benefits Advisors Ransomware Attack

The benefits consulting company Strategic Benefits Advisors based in Georgia has reported that it encountered a ransomware attack by which PHI might have been viewed and/or obtained.

The company discovered the attack on September 19, 2021, took immediate steps to stop further unauthorized access to its IT system, and carried out an investigation into the attack. The ongoing investigation confirmed on October 7, 2021 that the attackers accessed and/or exfiltrated selected files in the system.

It is not yet known exactly how many people were impacted by the incident, and which types of PHI had been compromised for every person. However, the following types of data were included in the compromised systems: names, Social Security numbers, and addresses. Strategic Benefits Advisors states it does not know of any attempted or actual misuse of personal data.

Affected persons had received breach notifications and steps to enhance the security of its systems had been implemented to stop other cyberattacks.