Chelan Douglas Health District located in East Wenatchee, WA, has reported that it encountered a cyberattack last July 2021 wherein the personal data and protected health information (PHI) of patients was stolen from its network. The breach notice posted on Chelan Douglas Health District site doesn’t mention when the breach was noticed, however, a third-party cybersecurity firm investigated the incident and affirmed that unauthorized individuals accessed its system between July 2 and July 4, 2021. An agent for the health district mentioned it wasn’t a ransomware attack.
The assessment of the files that were taken from its systems was carried out on February 12, 2022, and established the theft of the following types of patient information: Names, dates of birth/death, Social Security numbers, financial account details, treatment data, diagnosis details, medical record/ patient numbers, and medical insurance policy details.
Sending of notification letters to affected individuals began on March 15, 2022. Persons who had their Social Security numbers compromised were given free credit monitoring services. Chelan Douglas Health District stated it did not get any information of identity fraud or misuse of patient records. Steps have already been done to enhance the security of its systems to stop more data breaches later on.
The cyberattack is not yet published on the HHS’ Office for Civil Rights web page, thus it is presently unknown exactly how many people were impacted. There were a few reports in the news that suggest the PHI of roughly 109,000 persons had been stolen during the attack.
Liberty of Oklahoma Corporation Reports BEC Attack
Oklahoma’s Department of Human Services and Liberty of Oklahoma Corporation (LOC) have reported a business email compromise attack that occurred in the beginning of December 2021 possibly allowing access to patient data.
On December 7, 2022, a staff member in the Oklahoma Waitlist program obtained an email message from a spoofed email account that tried to reroute payments that were payable to LOC. The scam was noticed therefore there were no bogus payments made, however, the investigation into the occurrence showed the email account of a LOC staff was exposed.
The email account was promptly deactivated, and an analysis was done to find out the types of data that were likely accessed or exfiltrated. The review affirmed the compromise of names, Social Security numbers, addresses, birth dates, telephone numbers, Oklahoma customer Numbers, and the contact data of representing individuals.
LOC filed the breach report to the HHS’ Office for Civil Rights stating that 5,746 persons were affected.
Data Breach at East Tennessee Children’s Hospital
East Tennessee Children’s Hospital is presently looking into a security breach that transpired on March 13, 2022, and prompted disruption to its IT systems. A hospital representative mentioned the incident didn’t impact the capability of the hospital to deliver care to patients and its internal teams and external services are doing the job to lessen the interruption brought about by the incident.
A forensic investigation was begun to identify the nature and extent of the security breach, nevertheless, at this point of the investigation, it’s unknown whether any patient file was viewed or stolen.