The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

UMC Health System Responding to Ransomware Attack

UMC Health System, which operates University Medical Center in Lubbock, Texas, has been forced to divert emergency and non-emergency patients to ensure patient safety and continuity of care due to an IT outage. Its facilities remain open for existing inpatients and care continues to be provided.

The outage occurred on September 26, 2024, and it has since been confirmed that it was caused by a ransomware attack that has affected multiple systems. The incident has affected its phone system, and it has not been possible to view messages in the patient portal. The health system has implemented its downtime procedures and is doing all it can to minimize disruption to patients.

UMC Health System is still responding to the outage, has launched an investigation to determine the extent of the breach, and will issue updates as the investigation and recovery progress. At this stage, it is not possible to tell to what extent, if any, patient data has been compromised. Updates on the attack can be found here.

Community Clinic of Maui – Malama I Ke Ola Health Center

Community Clinic of Maui, doing business as Malama I Ke Ola Health Center in Wailuku, HI, has notified patients that it has fallen victim to a cyberattack. The incident was detected on May 7, 2024, and affected connectivity to its network. An investigation was launched to determine the nature and scope of the unauthorized activity, and the matter was reported to law enforcement. Assisted by third-party cybersecurity professionals, Malama determined that its network was accessed by an unauthorized third party between May 4 and May 7, 2024, and during that time files containing patient data may have been accessed or acquired.

The information potentially accessed varies from individual to individual and may include full names in combination with one or more of the following: Social Security number, date of birth, driver’s license number/state ID number, passport number, financial account number, routing number, bank name, credit/debit card number, card CVV, expiration date, PIN/security code, login information, medical diagnosis, clinical information, medical treatment/procedure information, treatment type, treatment location, treatment cost information, doctor’s name, medical record number, patient account number, prescription information and/or biometric data.

Notification letters were mailed to the affected individuals on September 26, 2024. Individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. The HHS’ Office for Civil Rights website indicates 123,816 individuals have been affected.

Tri-County Medical Supply and Respiratory Services Discovers ‘Insider’ Theft of Medical Records

Tri-County Medical Supply and Respiratory Services in Salem, AR, has recently notified patients about the theft of their medical records. The documents were stored in filing cabinets in its storage facilities. In mid-August, Tri-County Medical Supply and Respiratory Services discovered the filing cabinets containing the records had been stolen from the locked storage facilities. It is unclear when the filing cabinets were removed because the facilities were used for long-term storage and were not regularly checked. Tri-County Medical Supply and Respiratory Services said they could have been stolen at any point in the past 2 years.

The records could have contained any information that was disclosed by patients to Tri-County Medical Supply and Respiratory Services, including names, dates of birth, and Social Security numbers, which could put the affected individuals at risk of identity theft and fraud. Tri-County Medical Supply and Respiratory Services believes that the perpetrators were former employees of the organization. The individuals suspected of the theft had already been found to have stolen other items from the organization and attempted to apply for credit in the organization’s name. Legal counsel has been retained to try to recover the stolen medical records through the Arkansas courts, and the matter has been reported to law enforcement.

The affected individuals have been advised to monitor their accounts and credit reports for any unfamiliar or unexpected activity. The incident has been reported to the HHS’ Office for Civil Rights as involving the protected health information of up to 8,000 individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
