Archive for the ‘phishing’ category

Computer servers breached

August 28th, 2016

Indiana-based Orleans Medical Clinic announced a possible healthcare data breach after one of its computer servers was hacked. According to reports, the facility became aware of suspicious activity on April 17. After an investigation, it confirmed a hacking attack. The incident left EHR data unsecured on the server.

Unauthorised users had access to the information from April 5, 2016 to April 17, 2016. The facility received confirmation on July 21, 2016 of the individuals and information potentially affected by the incident. Orleans Medical immediately secured the server to prevent a recurrence.

“While our investigation was not able to definitively conclude whether the hackers actually accessed or obtained a particular individual’s information, it would have been possible for the hackers to access and obtain patient information about all of our current and former patients, including medical records and demographic information such as date of birth and social security number,” Orleans Medical stated.

The facility asked patients to contact their bank or credit card company to inform them of the situation. Banking and credit card information was not affected by the incident.

The facility did not mention the number of patients potentially affected. According to the OCR data breach reporting tool, information of 6,890 individuals was affected. The facility also mentioned that the patient portal was not breached. One year of complimentary identity theft services has been set up, and patient notification letters have been sent out by mail.

According to the statement:

We have reported the incident to the FBI, the U.S. Department of Health and Human Services Office for Civil Rights, and the Indiana Attorney General, each of whom has opened an investigation.

 

We deeply regret that this incident occurred. We are committed to providing quality care and protecting PHI. We have established a call center to answer any questions that patients may have about this incident.

“At Orleans Medical Clinic, our mission is to provide personalized, high-quality care on an as-needed or preventative basis.  We have created a practice that we believe in and would choose for our own family members.”

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hacking causes EHR breach

August 2nd, 2016

According to a notice on its website, Athens Orthopedic Clinic in Georgia experienced a potential EHR breach after a healthcare cybersecurity incident. The facility said that an external entity had launched a cyberattack on its EHR system using a third-party vendor’s credentials.

Affected information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and, in some cases, diagnoses and partial medical histories. The facility did not mention the number of individuals affected.

Many have previously noted the need to strengthen healthcare systems.

“You rarely hear healthcare as the focus of the cyber-security industry,” Ralph Echemendia, CEO of cyber-security consulting firm Red-e Digital, says. “With the Sony hack, an entire corporation was taken completely down. Nobody could go to work. If you do that to a hospital, people die.”

Cybersecurity experts were hired to investigate the attack and assess the facility’s systems. The cybersecurity firm’s recommendations are being implemented to improve healthcare data security.

“We are in the process of notifying the affected patients, and deeply regret any stress this may cause our patients,” Kayo Elliott, CEO of Athens Orthopedic Clinic, told OnlineAthens.com.

“Rest assured that we are taking all necessary measures to ensure that any resulting damage is limited to the extent possible and working to retain your trust in our practice. We advise that our patients contact credit reporting agencies to create a fraud alert as soon as possible; we have posted a statement on our website that includes credit reporting agency contact information.”

According to the website:

Athens Orthopedic Clinic has been providing comprehensive orthopedic care to Athens and surrounding communities since 1966. AOC is a healthcare facility with a long-standing tradition of excellence and service. As a total orthopedic care center, our physicians specialize in orthopedic surgery and handle the diagnosis and treatment of diseases and injuries of the bones, muscles, tendons, nerves and ligaments in both adults and children.

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Data breach due to theft incident

July 28th, 2016

A total of 7,784 individuals were notified about a potential PHI breach by an Ohio-area dental practice. Patient records were stolen, as reported by the Office for Civil Rights on its website. Sunbury Plaza Dental mentioned that its secured storage unit containing business and patient records was burglarized. It learned of the incident when law enforcement officials notified it.

The officers said that some patient records were stolen from the storage unit. The majority of records were not touched. The affected patient files contained personally identifiable information, such as names, addresses, dates of birth, and Social Security numbers, as well as some healthcare data.

The suspects carried out the theft in order to commit identity fraud. All patient files involved in the incident have now been recovered. The dental practice has also updated its policies and procedures for safeguarding patient information, and it partnered with law enforcement agencies to investigate the break-in.

The facility is providing complimentary identity monitoring services for a year to affected individuals.

How you can protect yourself:

“It is recommended that patients affected by this matter regularly review their account statements and check their credit report for incidents of fraud and identity theft. To help our patients with this we have secured the services of Kroll to provide identity monitoring for one year to our patients affected by this matter. This service includes Credit Monitoring, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Theft Insurance, Identity Consultation, and Identity Restoration.”

Currently, many healthcare data breaches occur due to theft. Another incident involved a Texas-based medical office and affected around 2,900 individuals. According to the website notice of StarCare Specialty Health System, one or more burglars broke into its East Broadway office in Lubbock, Texas and stole five laptops. One of the laptops contained confidential patient information. It was not encrypted.

Affected information included names, medical record numbers, telephone numbers, diagnoses, admission and discharge dates, dates of birth, Social Security numbers, and Medicare and Medicaid numbers.

According to the statement:

“StarCare is giving one year of free identity monitoring to those clients who may have been affected by this breach. This service will provide credit monitoring, identity monitoring, identity theft insurance and fraud restoration services. Signing up for this program will not affect your credit score. If you are a client you will receive a notification letter. If you have not received your letter or wish to determine if you are a part of the impacted population.”

____________________________________________________________________________________________

Data breach at North Ottawa Medical Group

July 20th, 2016

North Ottawa Medical Group suffered a data breach, along with many other healthcare facilities, due to a hacking incident at Bizmatics, an EHR vendor. Bizmatics notified the Michigan-based medical group about the data breach. It reported unauthorised user access to its server, but didn’t confirm whether North Ottawa Medical Group data was accessed.

According to reports, about 22,000 individuals were affected by the healthcare data security event. The possibly affected data relates to patients at the medical group’s employed physician practices, including the internal medicine, family practice, and women’s health offices. Disclosed information included names, addresses, health visit information, treatments, health insurance information, and Social Security numbers. The incident may have also exposed the last four digits of a credit card number for some patients.

The medical center mentioned that an independent cyber forensics firm, hired by Bizmatics, is working with the vendor. Also, law enforcement officials conducted a criminal investigation.

“These investigations found that there was no reason to believe patient files were the target of the attack,” the press release stated. “Further, investigators could not conclusively determine if there was, in fact, a PHI breach at all.”

North Ottawa Medical Center has notified affected individuals and the Department of Health and Human Services of the incident. Complimentary identity recovery assistance services for a year have also been set up.

According to the website:

Nonetheless, out of an abundance of caution, NOCHS has reported this incident to the Department of Health and Human Services (DHHS), and is treating the situation as though an actual breach occurred. Therefore, in accordance with HIPAA law NOCHS has notified DHHS, NOMG patients, and by way of this news release, the community. NOMG patients will also receive identity recovery assistance services for a year, at no cost.

The North Ottawa Medical Group doctors, physician assistants and nurse practitioners work directly for and within the North Ottawa Community Health System and your community hospital. Our mission is to develop a personal, long-term relationship with you, as well as be our community’s most trusted, local partner in creating a healthier future for all.

____________________________________________________________________________________________

AK healthcare data breach

July 18th, 2016

The hacking incident at Bizmatics has led to many healthcare data breaches. An AK healthcare organization has reported another data breach due to the Bizmatics EHR breach. The medical record information exposed included names, addresses, dates of birth, insurance information, Social Security numbers, and clinical documentation.

Bizmatics has alerted the healthcare organization about the hacking incident and possible data breach. Arkansas Spine and Pain mentioned that some of its patient files were viewed without authorization.

Arkansas Spine and Pain mentioned that the intruders accessed the vendor’s system by installing malware. Bizmatics could not confirm whether any of the healthcare organization’s EHR files were accessed by the hackers. The facility has notified all potentially affected individuals.

AK healthcare added that Bizmatics was “taking steps to further strengthen its defenses against cyberattacks, including hardening its firewall and network configurations.”

“We have also been assured by Bizmatics that they are committed to ensuring its systems are as secure as they can be in our current environment,” the statement explained.

Earlier, Bizmatics notified many other healthcare providers of potential EHR breaches after hackers accessed its servers containing medical records. One such example is Florida-based Southeast Eye Institute, PA, which contacted over 87,000 patients about a possible healthcare data breach. Integrated Health Solutions in Pennsylvania also suffered a data breach.

According to the website:

Arkansas Spine and Pain (ASAP) is Central Arkansas’ leading program for the management, treatment and rehabilitation for spine and pain relief and sports-related injuries. At Arkansas Spine and Pain we consider the whole person and their family when treating the pain. Pain Clinic staff work with other health care professionals, physical therapists, family physicians and services that might be needed such as social workers, hospice, home care agencies, behavioral health specialists to assist with modification of life styles and to encourage retaining and regaining maximum quality of life.

___________________________________________________________________________________________

Phishing Scam and Data Breach

April 27th, 2016

Wyoming Medical Center recently suffered a data breach when it was hit by a phishing scam. According to reports, 3,184 individuals received a notification letter from the medical center stating that their PHI may have been accessed by an unauthorized user.

The facility explained phishing emails as follows:

“Phishing emails are email messages appearing to come from legitimate sources, such as a bank, a trusted friend or colleague, or trusted businesses, etc. Phishing is an attempt to acquire sensitive information such as usernames, passwords, credit card information, email addresses, or Social Security Numbers. Many times, it is difficult to identify phishing emails.”

Earlier this February, the medical center found out that two email accounts were accessed by an outside entity. A phishing email was sent to one of the employees, and after it was opened, other employees also received emails. This unauthorized access lasted for around fifteen minutes.

Affected information included data related to hospital purchasing, wound care, and patients who were on isolation precaution. PHI was also exposed, including names, medical record numbers, dates of hospital services, account numbers, dates of birth, and some medical information. The medical center mentioned that EHR systems were not compromised.

Wyoming Medical Center has also reviewed its security policies. The facility also mentioned that there is limited scope of identity risk: “No, the information accessible by the unauthorized user was limited and did not include the proper information to allow for identity theft. If you are concerned about potential identity theft, you may contact one of the credit reporting agencies that will place fraud protection on your credit report. All you have to do is contact one of the three credit reporting agencies and ask them to put a fraud alert on your credit file, and they should automatically inform the other two credit agencies.”

The medical center also mentioned that it takes privacy very seriously and educates employees on privacy. It also has firewalls and necessary safeguards to avoid such incidents, and it performs routine audits to find loopholes in the system. In addition, information security firms are contracted to monitor and audit systems routinely.
