Unsecured Database of Addiction Service Provider Potentially Contained Records of 145,000 Patients
Apr23

Unsecured Database of Addiction Service Provider Potentially Contained Records of 145,000 Patients

A database containing highly sensitive information of patients who had previously sought treatment for addiction at rehabilitation centers has been discovered to be freely accessible over the internet. The database contained approximately 4.91 million records which related to an estimated 145,000 patients of the Levittown, PA-based addiction rehabilitation service provider Steps to Recovery. The unsecured database was discovered on March 24, 2019 by Justin Paine, Director of Trust and Safety at Cloudflare. Following the discovery, Paine notified Steps to Recovery and its hosting provider on March 24. No reply was received from Steps to Recovery, but its hosting company made contact and the database has now been secured and is no longer accessible online. Paine had performed a search on the Shodan search engine to identify unsecured databases and devices. According to Paine, the ElasticSearch database contained two indexes which included more than 1.45 GB of data. The information could be accessed by anyone over the internet without the need for any authentication. The database was...

Read More
60,000 Records Exposed in EmCare Phishing Attack
Apr23

60,000 Records Exposed in EmCare Phishing Attack

The Dallas, TX-based physician staffing company EmCare has announced that it has suffered a data breach that has impacted approximately 60,000 individuals, 31,000 of whom were patients. The exposed information was detailed in emails and email attachments in employee email accounts that were accessed by an unauthorized individual after several employees responded to phishing emails and disclosed their email credentials. It is unclear from Emcare’s breach notice when the breach occurred and how long the attackers had access to email accounts. The breach was discovered on February 19, 2019. An investigation was launched and, assisted by a third-party computer forensics company, it was discovered that the compromised email accounts contained information about patients, employees, and contractors. The following information was saved in email accounts and was potentially accessed or copied by the attackers: Names, dates of birth, driver’s license numbers, Social Security numbers, demographic information, and clinical information. The investigation did not uncover evidence to suggest...

Read More
Klaussner Furniture Industries Discovers Health Plan Data of 9,352 Employees Has Potentially Been Compromised
Apr19

Klaussner Furniture Industries Discovers Health Plan Data of 9,352 Employees Has Potentially Been Compromised

The protected health information of 9,352 current and former employees of Klaussner Furniture Industries, Inc., and some dependents of those employees, has been exposed as a result of a security breach. In February 2019, Klaussner Furniture learned that computers had been accessed by unauthorized individuals. A leading cybersecurity firm was retained to conduct a forensic investigation, which confirmed that two computers had been accessed by an unauthorized third party. An analysis of the computers revealed they contained files that included first and last names, dates of birth, addresses, Social Security numbers, health benefit election(s), and some health information. No evidence was found that suggests employee information was accessed, copied, or misused, although it was not possible to rule out data access and exfiltration. Individuals whose information was exposed had either worked at the company in 1998 or were employed at some point between 2004 and February 25, 2019. The sensitive information of dependents of those employees was only exposed if they had been listed on...

Read More
Centrelake Medical Group Discovers Servers Compromised and Virus Deployed
Apr18

Centrelake Medical Group Discovers Servers Compromised and Virus Deployed

Centrelake Medical Group, a network of 8 medical imaging and oncology centers in California, is notifying certain patients that some of their protected health information has been exposed as a result of a computer virus. The computer virus was discovered in February 2019 when it prevented the medical group from accessing its files. The virus appears to be a form of ransomware, although no mention of ransomware or a ransom demand was made in the media notice issued by Centrelake. Centrelake retained a computer forensics company to assist with the investigation to determine the scope of the attack and whether any files containing protected health information had been accessed or copied. The investigation revealed an unauthorized individual had gained access to its servers on January 9, 2019. Prior to deploying the virus on February 19, 2019, the unauthorized individual was able to access the servers undetected. It is not unusual for ransomware to be installed on systems after hackers have breached security defenses. In some cases, ransomware is deployed after the system has been...

Read More
11,639 Individuals Impacted by Riverplace Counseling Center Malware Attack
Apr18

11,639 Individuals Impacted by Riverplace Counseling Center Malware Attack

Riverplace Counseling Center in Anoka, MN, has discovered malware has been installed on its systems which may have allowed unauthorized individuals to gain access to patients’ protected health information. The malware infection was discovered on January 20, 2019. The counseling center engaged an IT firm to conduct a forensic analysis, remove the malware, and restore its systems from backups. The analysis was completed on February 18, 2019. The IT firm did not find evidence that suggested patient information had been subjected to unauthorized access or had been copied, but data access and PHI theft could not be totally ruled out. The types on information stored on the affected systems included names, addresses, dates of birth, health insurance information, Social Security numbers, and treatment information. Affected individuals were notified about the data breach on April 11, 2019 and have been offered identity theft monitoring services via Kroll for 12 months at no cost. No reports have been received to date to suggest any patients’ PHI has been misused. Riverplace Counseling...

Read More