This week’s breach roundup includes a ransomware attack and phishing incident, which possibly breached the data of nearly 300,000 patients from Presbyterian Healthcare and Imperial Health.
New Mexico-based Presbyterian Healthcare Services is notifying 183,000 patients that their personal and medical information was potentially breached after a month-long phishing attack, as reported by Health IT Security.
On June 6, Presbyterian officials discovered a hacker gained access to several employee email accounts beginning a month earlier on May 9. Access began through a phishing scam focused on gaining information.
Upon discovery, the accounts were secured, and officials said they launched a review into the impacted emails. Law enforcement was also contacted.
The investigation determined the compromised accounts contained patient and health plan member information including names, dates of birth, Social Security numbers, and health plan and/or clinical information. All patients will receive a year of free credit monitoring and identity protection services.
Officials stressed the hack did not impact Presbyterian’s electronic health records or billing systems.
Presbyterian will be implementing additional security measures for its email system. Further, employees will now be required to successfully complete mandatory training on safeguarding data, including education on phishing scams and protecting electronically stored data.
IMPERIAL HEALTH RANSOMWARE ATTACK IMPACTS 116,000 PATIENTS
Imperial Health in Southwest Louisiana recently fell victim to a ransomware attack, which potentially breached the data of about 116,262 patients.
According to officials, system files were encrypted after ransomware was downloaded onto its network on May 19. An Imperial Health Center for Orthopaedics database was also locked down during the cyberattack. The investigation could not rule out a potential breach of personal health information.
The compromised database contained information of patients who received medical services at Imperial’s Orthopaedics. The affected information varied by patient, but could include names, medical record numbers, Social Security numbers, treatment details, contact information, birth dates, diagnoses, medications, provider names, and related clinical data.
Imperial Health successfully removed the malware from its network and data was restored. Law enforcement is still investigating the ransomware incident. Officials said they’ve since installed new anti-virus software designed to better protect against ransomware and other malware.
Ransomware continues to plague the healthcare sector. Just last week, Kentucky’s Park DuValle Community Health Center paid hackers $70,000 to decrypt its data, after providers were locked out of their system for almost two months.
The Department of Homeland Security recently released best practice steps for protecting against the malicious software in response to a spate of targeted attacks on government agencies. Backups, cybersecurity awareness and education, and cyber incident response plans are crucial to reducing the fallout from these costly attacks.
Davis, Jessica. (2019, August 5). Phishing Attack Breaches Data of 183,000 Presbyterian Health Patients. Health IT Security.