Data of Millennium Eye Care Patients Stolen by Ransomware Gang
A provider of ophthalmology services in Freehold, NJ, Millennium Eye Care, reported on December 22, 2021, that attackers lately obtained access to its computer system and utilized ransomware for file encryption in an effort to extort cash from the healthcare provider.
The breach notification letters didn’t state when the attack took place, however, Millennium Eye Care mentioned that on November 14, 2021, it learned about the exfiltration of a big volume of data before encrypting files. The files acquired during the attack comprised a selection of protected health information (PHI) like names and Social Security numbers.
Millennium Eye Care stated it has enhanced network security steps to decrease the possibility of more attacks and has given supplemental cybersecurity training to the personnel to enable them to identify external attacks.
Impacted persons were informed via mail and were given details on the measures they could take to secure against identity theft and scam. Identity theft protection services are being given for free and affected patients will additionally be covered by a $1,000,000 identity theft compensation plan.
The breach was told to government bodies nevertheless has not yet come out on the HHS’ Office for Civil Rights breach website thus it is presently uncertain how many people were impacted.
Duneland School Corporation Cyberattack
Duneland School Corporation located in Indiana has advised the HHS’ Office for Civil Rights regarding a recent cyber attack whereby the PHI of 7,000 persons was likely exposed.
The cyberattack was discovered on October 27, 2021, and selected systems in its computer network became inaccessible. A third-party cybersecurity agency investigated the attack and confirmed the nature and extent of the attack. The investigation affirmed that unauthorized people acquired access to sections of its system from October 21 to October 27, and those systems comprised the personal data of workers and information connected to its self-insured health plan, like names, birth dates, driver’s license numbers, Social Security numbers, and benefits data.
Duneland School Corporation claims it has put in place extra safeguards and technical security procedures to avert any additional cyberattacks. Identity monitoring services are made available to existing and past staff members, beneficiaries, and dependents, whose information had been breached.