South Denver Cardiology Associates (SDCA) has recently reported that it experienced a cyberattack in January 2022 that led to the access and possible theft of files that contain patient data by attackers.
Strange network activity was noticed on January 4, 2022, and SDCA quickly started its breach response process. Systems were separated from the network and turned off, with the investigation identifying that hackers got access to selected systems from January 2, 2022 to January 5, 2022.
Throughout that time, the hackers accessed selected files kept on its systems, a few of which included patients’ personal information and protected health information (PHI). A thorough assessment of those files affirmed they comprised patient names as well as at least one of the following types of information: dates of birth, drivers’ license numbers, Social Security numbers, patient account numbers, health insurance data, and clinical data like doctor names, dates and types of service, and diagnoses.
SDCA stated the contents of medical files were not affected, the patient site was not breached, and the investigation did not unearth any proof of actual or attempted improper use of patient details; nevertheless, as a preventative measure, affected persons got offers of complimentary access to credit monitoring and identity theft protection services.
SDCA has reported the breach to the HHS’ Office for Civil Rights as having an effect on approximately 287,652 people.
Around 80,000 Patients Affected by Memorial Village ER Cyberattack
Memorial Village ER located in Houston TX, has lately started informing 80,000 individuals that a few of their PHI was located on a server that the attackers accessed on February 18, 2022.
Memorial Village ER mentioned the server was secured with HIPAA-compliant safety measures, however, the security defenses were compromised by an anonymous entity who probably viewed and/or acquired records on the server. A detailed analysis was executed to find out the kinds of data on the server, which affirmed the breach was restricted to names, birth dates, addresses, and COVID-19 test data. Impacted people were advised on March 9, 2022, under a month after the Identification of the breach.
Social Security numbers, financial details, and insurance data were not affected; nonetheless, as a safety measure impacted persons were given a free 12-month membership to IdentityWorks identity theft protection service via Experian.
Memorial Village ER stated it has already improved its cybersecurity system to avert more security breaches down the road.