Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches
Jun24

Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches

Cybercriminals are managing to find and exploit vulnerabilities to gain access to healthcare networks and patient data with increasing regularity. The past two months have been the worst and second worst ever months for healthcare data breaches in terms of the number of breaches reported. Phishing attacks on healthcare organizations have increased and email is now the most common location of breached protected health information. However, a recent analysis of the data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in the past 12 months has revealed servers to be the biggest risk. Servers were found to be involved in more than half of all healthcare data breaches. Clearwater Cyberintelligence Institute (CCI) analyzed the 90 healthcare data breaches reported to OCR in the past 12 months. Those breaches resulted in the exposure, impermissible disclosure, or theft of the records of more than 9 million individuals. The CCI analysis revealed 54% of all reported breaches of 500 or more healthcare records were in some way related to servers....

Read More
Phishing Attacks Reported by Broome County, NY and UMassMemorial Community Healthlink
Jun21

Phishing Attacks Reported by Broome County, NY and UMassMemorial Community Healthlink

Broome County in New York has started notifying 7,048 individuals that some of their protected health information (PHI) was compromised in a phishing attack on county employees. Broome County officials learned about the attack on January 2, 2019 when it was discovered that an employee’s direct deposit account information had been changed. An investigation was immediately launched which revealed ‘numerous’ Broome County email accounts had been compromised as a result of responses to phishing emails. Further, an unauthorized individual had also gained access to employees’ PeopleSoft accounts. A computer forensics expert was hired to assist with the investigation and determine how and when access to the accounts was first gained. That investigation revealed the first accounts were compromised on November 20, 2018 and further accounts were compromised up to January 2, 2019. Employee direct deposit information has been checked and all emails and email attachments in the compromised accounts have been analyzed. Broome County says multiple county departments were affected, including the...

Read More
Ransomware Attack Affects More than 60 Assisted Living Facilities
Jun21

Ransomware Attack Affects More than 60 Assisted Living Facilities

A provider of software for assisted living communities has experienced a ransomware attack that has affected more than 60 facilities that use the software. Tenx Systems, doing business as ResiDex Software, said the attack occurred on April 9, 2019 and affected its server infrastructure. Rapid action was taken to move the servers to a new hosting provider and files were seamlessly recovered from backups the same day as the attack. No ransom was paid. A forensic investigation was launched to determine whether any files had been accessed or other malicious actions had been performed by the attackers. The investigation revealed its servers were first compromised on April 2, 2019, 7 days prior to the deployment of ransomware. While extortion through file encryption may have been the main aim of the attack, it is possible that the attackers gained access to names, Social Security numbers, and medical records contained in the ResiDex system. It was not possible to establish which, if any, records were subjected to unauthorized access due to the complexity of the attack and the steps taken...

Read More
May 2019 Healthcare Data Breach Report
Jun20

May 2019 Healthcare Data Breach Report

In April, more healthcare data breaches were reported than in any other month to date. The high level of data breaches has continued in May, with 44 data breaches reported. Those breaches resulted in the exposure of almost 2 million individuals’ protected health information. On average, 2018 saw 29.5 healthcare data breaches reported to the HHS’ Office for Civil Rights each month – a rate of more than one a day. From January 2019 to May 2019, an average of 37.2 breaches have been reported each month. Up until May 31, 2019, 186 healthcare data breaches had been reported to OCR, which is more than half (52%) the number of breaches reported last year. It remains to be seen whether the increase in data breaches is just a temporary blip or whether 40+ healthcare data breaches a month will become the new norm. May saw a 186% increase in the number of exposed records compared to April. Across the 44 breaches, 1,988,376 healthcare records were exposed or compromised in May. So far this year, more than 6 million healthcare records have been exposed, which is more than half of the number of...

Read More
Oregon Department of Human Services Notifies 645,000 Clients of Phishing Breach
Jun20

Oregon Department of Human Services Notifies 645,000 Clients of Phishing Breach

The Oregon Department of Human Services (ODHS) is notifying 645,000 clients that some of their personal information has potentially been compromised as a result of a phishing attack. The targeted attack started on January 9, 2019 and resulted in 9 ODHS employees following links in emails and disclosing their login credentials. ODHS and the Department of Administrative Services Enterprise Security Office discovered the breach on January 28 following reports from employees who believed their email accounts had been accessed. All affected email accounts were rapidly identified and remote access to the accounts was blocked the same day. An investigation was launched into the breach to determine what protected health information may have been viewed and who had been affected. That process has taken some time to complete as it involved checking around 2 million emails. The attackers accessed the compromised accounts and were able to access emails in the accounts for a period of 19 days. ODHS has confirmed that no malware was installed by the attackers but they may have viewed or obtained...

Read More