BianLian Threat Group Attacks Tennessee Eye Clinic Network
Politzer and Durocher, PLC, also called Optometric Physicians of Middle Tennessee (OPMT), submitted a hacking incident report to the HHS Office for Civil Rights that impacted the personal data and protected health information (PHI) of 29,000 persons. The eye clinic chain based in Lebanon, TN stated it noticed unauthorized access to its system on March 25, 2024. The attackers had bypassed its security measures, got access to a server, and extracted files that contain a minimal amount of healthcare data. Based on the investigation, other identifying data might have been viewed in the hacking incident. A forensic investigation is presently ongoing to find out the actual types of data affected. Notification letters will be sent to the impacted persons when that process is finished. OPMT stated that although it is not a HIPAA requirement, identity theft protection services were offered to all impacted persons as a preventative measure to safeguard patients.
The BianLian group professed to be responsible for the incident. Just like many cybercriminal groups, it seems that BianLian is no longer using ransomware. It only steals files and requires ransom payment to stop the leakage or sale of the information. The BianLian included OPMT on its leak website and states that it extracted 1.5TB of files during the attack, which include financial data, HR information, biometric information, patients’ PII and PHI, contracts and confidential documents, and SQL databases.
Patient Data Theft During a Cyberattack on Somerset Dental Las Vegas
Somerset Dental Las Vegas based in Nevada has informed 11,321 patients about the exposure of some of their PHI. The security breach was discovered on February 16, 2024, and upon investigation by third-party forensics, it was confirmed that the cyberattack resulted in the extraction of some files from its system. The stolen information differed from one person to another and might have included names, birth dates, addresses, email addresses, phone numbers, driver’s license numbers, Social Security numbers, medical data, and dental insurance data. Somerset Dental Las Vegas stated it is going over its security measures and will reinforce security. Free identity protection and credit monitoring services were provided to those who had their driver’s license numbers and/or Social Security numbers affected.
Catholic Medical Center Patients Impacted by Business Associate Email Breach
Approximately 2,800 patients of Catholic Medical Center (CMC) located in New Hampshire were impacted by a data breach at Lamont Hanley & Associates, its vendor that provides accounts receivable management service. Lamont Hanley & Associates informed CMC on March 6, 2024 about the unauthorized access to the email account of an employee. The breach was discovered on June 20, 2023, and patient information might have been viewed or stolen by an unauthorized third party, but there’s no proof of data access or data theft found.
The account included the PHI of 2,792 CMC patients, such as names, dates of birth, medical and claim data, Social Security numbers, medical insurance data, individual ID data, and financial account details. Lamont Hanley & Associates is providing free credit monitoring services to qualified people and has taken action to enhance security to stop comparable breaches later.
Photo Credit: maxsim/ stock.adobe.com