HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Assured Imaging Ransomware Attack Affects Almost 245,000 Patients

Tucson, AZ-based Assured Imaging, a subsidiary of Rezolut Medical Imaging and provider of Health Screening and Diagnostic Services, has announced it has suffered a ransomware attack that resulted in the encryption of its medical record system.

Assured Imaging discovered the attack on May 19, 2020 and worked quickly to stop any further unauthorized access and restore the encrypted data. Assisted by a third-party computer forensics firm, Assured Imaging investigated the ransomware attack to determine the scope of the breach. The investigation revealed an unauthorized individual gained access to its systems between May 15, 2020 and May 17, 2020 and exfiltrated “limited data” prior to the deployment of ransomware.

The forensic investigation confirmed data had been stolen but it was not possible to determine exactly what information was exfiltrated by the attackers. A review was conducted to identify all types of information that could potentially have been accessed. The compromised system was found to contain full names, addresses, dates of birth, patient IDs, facility used, treating clinicians’ names, medical histories, services performed, assessments of the service performed, and recommendations on future testing.

Assured Imaging is unaware of any misuse of patient data but does encourage all affected individuals to monitor their accounts and credit reports for any sign or fraudulent activity.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has been reported to law enforcement and the Department of Health and Human Services’ Office for Civil Rights. The OCR breach portal indicates up to 244,813 individuals were affected by the attack.

Email Breach Affects 6,000 Roper St. Francis Healthcare Patients

Charleston, SC-based Roper St. Francis Healthcare has had a data breach involving a single email account. The breach was detected on July 8, 2020, with the investigation revealing the email account was compromised between June 13, 2020 and June 17, 2020.

The forensic investigation confirmed the email account contained patients’ names, dates of birth, medical record or patient account numbers, and limited clinical and/or treatment information, including providers’ names, diagnoses, and/or procedure information. The health insurance information and/or Social Security numbers of a limited number of individuals were also stored in the email account. Approximately 6,000 patients have been affected by the breach.

Individuals whose Social Security number was compromised have been offered complimentary credit monitoring and identity theft protection services. Roper St. Francis Healthcare has reinforced training on email security and has augmented its email security measures.

This is not the first phishing attack to be reported by Roper St. Francis this year. In February, the healthcare provider announced the email accounts of 13 employees had been compromised as a result of a phishing attack between November 15 2018 and December 1, 2018.  The PHI of 35,253 patients was compromised in the breach.

Hamilton Health Center Reports Impermissible Disclosure of 10,000 Patients’ PHI

Harrisburg, PA-based Hamilton Health Center, Inc. has announced the protected health information of 10,393 individuals was impermissibly disclosed as a result of a recent phishing attack.

Hamilton Health Center learned on June 19, 2020 that a spreadsheet containing patient information had been sent to an unauthorized individual in response to a phishing email. The spreadsheet contained patients’ full names, member IDs, and dates of birth, along with one or more of the following data elements: Diagnosis, treatment, physical condition medications, dates of laboratory tests and/or examinations, and/or the name of the patient’s provider.

While the above data were impermissibly disclosed, no reports have been received to indicate any information has been misused. Affected individuals are being encouraged to monitor their explanation of benefits statements for any sign of misuse of their information.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.