Maternal & Family Health Services based in Eastern Pennsylvania lately informed a number of patients regarding a ransomware attack on April 4, 2022 that resulted in the exposure of sensitive patient data. As soon as the healthcare provider detected the attack, it secured the systems and engaged a third-party computer forensics company to look into the incident and find out the nature and extent of the breach. It was confirmed that attackers first accessed its systems on August 12, 2021, more or less 8 months prior to encrypting files by the ransomware. Systems had been secured on April 4, 2022, however, the investigation, analysis of breached files, and confirmation of contact details lasted up to the end of the year. The provider sent notifications to affected persons on January 3, 2023.
Maternal & Family Health Services mentioned the exposed files contained data including names, addresses, birth dates, driver’s license numbers, Social Security numbers, usernames, passwords, financial account/payment card details, health data, and medical insurance details. It offered free credit monitoring and identity theft protection services to those who had their financial account/payment card details or Social Security numbers exposed. There is no evidence that indicates the misuse of patient information during the issuance of notifications. Maternal & Family Health Services stated it is fortifying security to avoid the same incidents later on.
The breach is not yet posted on the HHS’ Office for Civil Rights breach website, therefore the number of individuals affected is presently uncertain.
Around 23,620 Patients were Affected by Retreat Behavioral Health Ransomware Attack
Retreat Behavioral Health manages mental health and substance use treatment centers in Connecticut, Florida, and Pennsylvania. On July 1, 2022, it reported a cyberattack that it discovered and blocked.
Retreat Behavioral Health mentioned the forensic investigation finished on December 9, 2022, and it sent notifications to impacted patients. The investigation showed the third party behind the attack accessed a data set inside its network and potentially exposed data such as names, Social Security numbers, and addresses. A part of the patients likewise had their birth date and/or treatment details compromised. Retreat Behavioral Health explained there is no proof of attempted or actual patient data misuse identified nevertheless as a safety measure, patients received Single Bureau Credit Monitoring Services for free. Retreat Behavioral Health has likewise put in place extra tracking tools on its system and will go on to improve system protection.
The breach report was lately submitted to the Maine Attorney General indicating that 23,620 patients were affected.
Employee Benefits Plan Information Compromised Due to L. Knife & Son Hacking Incident
The alcoholic drink wholesaler, L. Knife & Son, Inc. just reported that an unauthorized entity acquired access to its system and exfiltrated files that contain sensitive information. The security incident was discovered on November 1, 2022, and it was confirmed by the forensic investigation that unauthorized individuals accessed files and stole data from October 13, 2022 to October 19, 2022. The analysis of the impacted files was accomplished on December 8, 2022.
The breach report submitted to the Maine Attorney General indicates that the information of 14,377 persons was affected. The HHS’ Office for Civil Rights states that the PHI of 4,082 Employee Benefits Plan members was affected. The company provided the affected people with free 2-year memberships to an identity theft protection service and implemented security steps to stop future breaches.
