236,000 Individuals Affected by Fairfax Oral and Maxillofacial Surgery Ransomware Attack
Fairfax Oral and Maxillofacial Surgery in Virginia has confirmed that the protected health information of up to 235,931 individuals was potentially compromised in a ransomware attack in May 2023. The security incident was detected on May 16, 2023, when files were encrypted on its systems. The forensic investigation determined that an unauthorized third party had access to its network between May 15 and May 16, 2023.
According to the breach notification submitted to the Maine Attorney General, the investigation did not find any evidence of data theft, although the possibility that files were stolen could not be ruled out. The review of the files on the affected parts of the network determined they contained information such as names, driver’s license numbers, health insurance information, medical history information, and for some individuals, Social Security numbers. Fairfax Oral and Maxillofacial Surgery said it has taken steps to reduce the risk of this type of incident occurring in the future, including enhancing its technical security measures. A complimentary one-year membership to the Experian IdentityWorksSM Credit 3B service has been offered to the affected individuals.
Henwood Family Dentistry Says 7,300 Patients Affected by Cyberattack
Borgfeld Dental Center PLLC, doing business as Henwood Family Dentistry in San Antonio, TX, has recently announced that the protected health information of 7,300 patients was potentially accessed by unauthorized individuals in August. The security breach was detected on August 17, 2023, and the forensic investigation determined that access was gained to a desktop computer via a remote-access tool, and the credentials for a user account were used to access its network.
Henwood Family Dentistry said it is aware that one of its patients has been contacted directly by the attacker, and has advised patients not to engage with the attacker if they are contacted. The Federal Bureau of Investigation has been notified about the attack and is investigating. The types of data exposed varied from individual to individual and may have included one or more of the following: full name, date of birth, address, telephone number, email address, Social Security number, driver’s license number, government-issued identification number, health insurance information, and/or information regarding dental/orthodontic care.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Henwood Family Dentistry said it took several mitigation steps, including blocking the unauthorized access, changing passwords, replacing the hard drives of the affected computers, and has reviewed its security strategies and systems to identify possible enhancements. Affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Piedmont Healthcare Affected by Cyberattack on Administrative Services Provider
Piedmont Healthcare, Inc., a 23-hospital health system serving the southeast United States, was affected by a cyberattack on its claims processing and administrative services provider, Pharm-Pacc. The attack was detected on March 24, 2023, and on or around March 15, 2023, it was confirmed that protected health information stored on Pharm-Pacc’s systems was accessed. Piedmont Healthcare was notified it was affected on July 14, 2023. Pharm-Pacc has offered the affected individuals 12 months of credit monitoring, fraud consultation, and identity theft restoration services. 895 Piedmont patients are known to have been affected.
Navvis & Company Cyberattack Affects Multiple Clients
Navvis & Company, a subsidiary of Surround Care, LLC, has confirmed that the protected health information of 917 individuals has been exposed in a cyberattack. The attack was detected on July 25, 2023, and the forensic investigation confirmed that an unauthorized third party had access to its network between July 12, 2023, and July 25, 2023. The exposed information included names, dates of birth, Medicaid/Medicare ID numbers, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider/ doctor information, health record information, and for some individuals, Social Security numbers. Surround Care said no evidence of any identity theft or fraud has been identified in connection with this incident.
SSM Health in Illinois has recently confirmed that it was affected by the Navvis cyberattack and data breach, although it is currently unclear how many of its patients were affected. The breach is also known to have affected around 462,000 individuals who enrolled in health plans through the Hawaii Medical Service Association.
MOVEit Hacking Victims
Many HIPAA-covered entities and business associates have reported being affected by the mass exploitation of a zero-day vulnerability in Progress Software’s MOVEit file transfer solution in May 2023. IBM and San Diego Pace have now confirmed that they were affected.
IBM
IBM has started notifying 630,755 individuals that some of their protected health information was stolen by the Clop group when it exploited the MOVEit vulnerability in late May. The attack on IBM also affected the Missouri Department of Social Services (DSS), which reported that names, department client numbers, dates of birth, benefit eligibility status or coverage, and medical claims information, were compromised in the attack. The Colorado Department of Health Care Policy & Financing (HCPF) was also affected and said the protected health information of 4,091,794 individuals was stolen. In total, the data of more than 10 million individuals is believed to have been stolen in the attack on IBM.
San Diego PACE
San Diego PACE, a specialized health plan for individuals over 55 years of age, has confirmed that the information of some of its members has been stolen in a cyberattack on one of its vendors. Cognisight is a business associate that provides healthcare management services to San Diago PACE and uses Progress Software’s MOVEit solution for file transfers. The MOVEit solution was compromised in late May and on June 5, 2023, it was confirmed that some plan member data had been stolen. The delay in issuing notifications was due to the time taken to review the affected files and obtain up-to-date contact information. Affected individuals have been offered complimentary credit monitoring services.
