Archive for the ‘Malware’ category

Ransomware and data breach

October 7th, 2016

Urgent Care Clinic of Oxford in Mississippi recently suffered a data breach due to a ransomware attack. According to reports, the server was attacked in early July. The facility learned of the incident on August 2, 2016.

As per the statement, “We understand this may pose an inconvenience to you, and we sincerely regret that this situation has occurred.”

The facility regained control of the server and shut down its remote access. It is taking precautions to prevent the same type of incident. Affected information included patients’ names, Social Security numbers, dates of birth, and other personal information. Any health information on file was also accessed.

“The investigation revealed it is very likely that the attack was carried out by criminal Russian hackers,” Urgent Care said in a letter signed by Dr. Willis Dabbs and Dr. David Coon. “Unfortunately, we cannot say which patients specifically may have been affected by this data breach.”

The facility did not specify the number of patients affected by the incident. It has urged individuals to regularly check all credit and bank accounts and report any suspicious activity. The facility is also offering one year of complimentary identity protection services.

“We understand this may pose an inconvenience to you, and we sincerely regret that this situation has occurred,” Dabbs and Coon wrote. “Urgent Care is committed to providing quality care and service to all its patients, and that includes keeping your personal information as safe and secure as possible.”

Directions for placing a fraud alert:

A fraud alert is a consumer statement added to your credit report. This statement alerts creditors of possible fraudulent activity within your report as well as requests that they contact you prior to establishing any accounts in your name. Once the fraud alert is added to your credit report, all creditors should contact you prior to establishing any account in your name.

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hacking causes EHR breach

August 2nd, 2016

In a notice on its website, Athens Orthopedic Clinic in Georgia said that it has experienced a potential EHR breach after a healthcare cybersecurity incident. The facility said that an external entity had launched a cyberattack on its EHR system using a third-party vendor’s credentials.

Affected information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and, in some cases, diagnoses and partial medical histories. The facility did not mention the number of individuals affected.

Many have previously pointed out the need to strengthen healthcare systems.

“You rarely hear healthcare as the focus of the cyber-security industry,” Ralph Echemendia, CEO of cyber-security consulting firm Red-e Digital, says. “With the Sony hack, an entire corporation was taken completely down. Nobody could go to work. If you do that to a hospital, people die.”

Cybersecurity experts were hired to investigate the attack and assess the facility’s systems. The cybersecurity firm’s recommendations are being implemented to improve healthcare data security.

“We are in the process of notifying the affected patients, and deeply regret any stress this may cause our patients,” Kayo Elliott, CEO of Athens Orthopedic Clinic, told OnlineAthens.com.

“Rest assured that we are taking all necessary measures to ensure that any resulting damage is limited to the extent possible and working to retain your trust in our practice. We advise that our patients contact credit reporting agencies to create a fraud alert as soon as possible; we have posted a statement on our website that includes credit reporting agency contact information.”

According to the website:

Athens Orthopedic Clinic has been providing comprehensive orthopedic care to Athens and surrounding communities since 1966. AOC is a healthcare facility with a long-standing tradition of excellence and service. As a total orthopedic care center, our physicians specialize in orthopedic surgery and handle the diagnosis and treatment of diseases and injuries of the bones, muscles, tendons, nerves and ligaments in both adults and children.

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Data breach at North Ottawa Medical Group

July 20th, 2016

North Ottawa Medical Group, along with many other healthcare facilities, suffered a data breach due to a hacking incident at Bizmatics, an EHR vendor. Bizmatics notified the Michigan-based medical group about the data breach. It mentioned unauthorised user access to its server, but didn’t confirm whether North Ottawa Medical Group data was accessed or not.

According to reports, about 22,000 individuals were affected by the healthcare data security event. The possibly affected data relates to patients at the medical group’s employed physician practices, including the internal medicine, family practice, and women’s health offices. Disclosed information included names, addresses, health visit information, treatments, health insurance information, and Social Security numbers. The incident may have also exposed the last four digits of a credit card number for some patients.

The medical center mentioned that an independent cyber forensics firm, hired by Bizmatics, is working with the vendor. Also, law enforcement officials conducted a criminal investigation.

“These investigations found that there was no reason to believe patient files were the target of the attack,” the press release stated. “Further, investigators could not conclusively determine if there was, in fact, a PHI breach at all.”

North Ottawa Medical Center has notified affected individuals and the Department of Health and Human Services of the incident. Complimentary identity recovery assistance services for a year have also been set up.

According to the website:

Nonetheless, out of an abundance of caution, NOCHS has reported this incident to the Department of Health and Human Services (DHHS), and is treating the situation as though an actual breach occurred. Therefore, in accordance with HIPAA law NOCHS has notified DHHS, NOMG patients, and by way of this news release, the community. NOMG patients will also receive identity recovery assistance services for a year, at no cost.

The North Ottawa Medical Group doctors, physician assistants and nurse practitioners work directly for and within the North Ottawa Community Health System and your community hospital. Our mission is to develop a personal, long-term relationship with you, as well as be our community’s most trusted, local partner in creating a healthier future for all.

____________________________________________________________________________________________


AK healthcare data breach

July 18th, 2016

The hacking incident at Bizmatics has led to many healthcare data breaches. An AK healthcare organization has reported another data breach due to the Bizmatics EHR breach. Medical record information exposed included names, addresses, dates of birth, insurance information, Social Security numbers, and clinical documentation.

Bizmatics has alerted the healthcare organization about the hacking incident and possible data breach. Arkansas Spine and Pain mentioned that some of its patient files were viewed without authorization.

Arkansas Spine and Pain mentioned that the intruders accessed the vendor’s system by installing malware. Bizmatics could not confirm if any of the healthcare organization’s EHR files were accessed by the hackers. The facility has notified all potentially affected individuals.

AK healthcare added that Bizmatics was “taking steps to further strengthen its defenses against cyberattacks, including hardening its firewall and network configurations.”

“We have also been assured by Bizmatics that they are committed to ensuring its systems are as secure as they can be in our current environment,” the statement explained.

Earlier, Bizmatics notified many other healthcare providers of potential EHR breaches after hackers accessed its servers containing medical records. One such example is Florida-based Southeast Eye Institute, PA, which has contacted over 87,000 patients about a possible healthcare data breach. Integrated Health Solutions in Pennsylvania also suffered a data breach.

According to the website:

Arkansas Spine and Pain (ASAP) is Central Arkansas’ leading program for the management, treatment and rehabilitation for spine and pain relief and sports-related injuries. At Arkansas Spine and Pain we consider the whole person and their family when treating the pain. Pain Clinic staff work with other health care professionals, physical therapists, family physicians and services that might be needed such as social workers, hospice, home care agencies, behavioral health specialists to assist with modification of life styles and to encourage retaining and regaining maximum quality of life.

___________________________________________________________________________________________


Malware attack and Data Breach

May 19th, 2016

Michigan-based Complete Chiropractic and Bodywork Therapies may have suffered a data breach after its server was accessed by an unauthorized entity. As per the OCR’s data breach portal, around 4,082 individuals were affected by the incident.

According to the statement, an outside entity gained access to a server which stored PHI. The facility found the intrusion when its server malfunctioned. Afterwards, malware infected its systems. The malware probably scanned its systems to acquire login and password information. Affected information includes patient data, including treatment, billing and EHR information.

“Out of an abundance of caution, we notified all affected patients, offered them one-year of free identity theft protection through LifeLock, and provided them with recommended actions they can take to protect their information from identity theft. For example, we recommend that any affected patients obtain their credit reports from one or more of the major credit reporting agencies, and monitoring financial and bank accounts for unauthorized activity.”

According to the statement, PHI in the EHR systems, which includes names, dates of birth, addresses, Social Security numbers, health information, and diagnosis information, was encrypted and thus was not breached.

“However, there is no indication that this information was actually taken or inappropriately used – only that there was an opportunity for the same,” explained Complete Chiropractic and Bodywork Therapies.

The practice secured the server by disabling its connection to the internet. Passwords for all workstation and vendor profiles were changed. It also implemented additional security safeguards, such as adding an extra external firewall to track incoming and outgoing traffic. The chiropractic office has notified all affected individuals.

“CCBT [Complete Chiropractic and Bodyworks Therapies] deeply regrets that this incident occurred,” explained the statement. “We are taking this matter very seriously and are working hard to make sure this does not happen again. CCBT hired new IT professionals who come highly recommended based on their HIPAA compliance experience. With the guidance of our new IT professionals, we are adding to the IT safeguards that CCBT already maintained.”

————————————————————————————————————————————————————-
