On-the-spot Email Interventions Reduce Repeat Medical Record Snooping Incidents by 95%
Immediate intervention following an instance of unauthorized access to protected health information (PHI) by a healthcare employee is 95% effective at preventing repeat offenses, according to a new study published in JAMA Open Network. Healthcare data breaches are occurring at record levels, and while large data breaches are often the result of hacking and other IT incidents, insider breaches such as snooping on medical records are common. According to HHS data, in 2019, 92% of combined small and large breaches were tied to unauthorized access. While many cases of employees snooping on the medical records of VIP patients have been covered in the media, these types of snooping incidents are relatively uncommon. It is much more common for healthcare employees to access the medical records of family members, friends, and colleagues, and those privacy violations can be just as damaging for patients. All cases of unauthorized access start with an employee accessing a single patient record, but they can easily turn into major data breaches if left unchecked. There have been several HIPAA...
Deaconess Health System and Blue Earth County Notify Patients About Insider Data Breaches
Indiana-based Deaconess Health System and Blue Earth County in Minnesota have notified individuals that sensitive personal information has been accessed by employees without authorization. Deaconess Health System Notifies Female Patients About Unauthorized Medical Record Access by Physician A physician formerly employed by Deaconess Health System in Evansville, IN, has been discovered to have accessed the medical records of female patients without authorization. On January 26, 2022, the unauthorized medical record access was discovered by Deaconess Health System during a routine audit of access logs. According to the law firm Ladendorf Law of Indianapolis, which spoke with six women who were notified about the privacy breach by Deaconess Health System, the unauthorized first occurred no later than June 2020. According to attorney Taylor Ivy, all six of the women said the first contact occurred in bars in the West Side of the city. The physician had approached them and started talking to them and obtained information about them during the encounter. It appears that the physician...
Email Account Breaches Reported by Newman Regional Health and Contra Costa County
Newman Regional Health (NRH), which operates a 25-bed critical access hospital in Emporia, KS, has recently started notifying 52,224 patients that unauthorized individuals have gained access to certain employee email accounts that contained protected health information. NRH explained on its website that a limited number of employee email accounts were accessed by unauthorized individuals over a period of 10 months in 2021 between January 26, 2021, and November 23, 2021. When the security breach was identified, prompt action was taken to secure the accounts and an investigation was launched to determine the extent and nature of the breach. NRH said a review of the emails in the compromised accounts confirmed on March 14, 2022, that the following types of patient information had been exposed: Names, dates of birth, medical record/ID numbers, addresses, phone numbers, e-mail addresses, and limited heath, treatment or insurance information, and for employees, information collected in connection with an individual’s receipt of services from or employment with NRH. A subset of...
Urgent Team Holdings Reports Breach of the PHI of 166,600 Individuals
Urgent Team Holdings, which operates more than 70 urgent care and walk-in centers in Alabama, Arkansas, Georgia, Mississippi, and Tennessee, has recently notified 166,601 patients that some of their protected health information may have been obtained by unauthorized individuals in a November 2021 cyberattack. Urgent Team said it discovered its network had been compromised between November 12, 2021, and November 18, 2021. Assisted by third-party cybersecurity experts, Urgent Team discovered files may have been exfiltrated from its systems that contained the protected health information of patients. A comprehensive review of the files was completed on January 31, 2022, and confirmed they contained patients’ full names, dates of birth, and medical record numbers. While data theft may have occurred, no evidence of data exfiltration was identified and there have been no reports of any misuse of patient data. To improve security, Urgent Team has implemented multi-factor authentication and has added extra layers of security to its systems to reduce the risk of unauthorized access. A new...
Microsoft Sinkholes Notorious ZLoader Botnet
The notorious ZLoader cybercrime botnet, which was used to deliver Ryuk ransomware in attacks on healthcare providers, has been disabled by Microsoft’s Digital Crimes Unit (DCU). Microsoft recently obtained a court order from the United States District Court for the Northern District of Georgia authorizing the seizure of 65 hard-coded domains used by the ZLoader botnet for command-and-control communications. Those domains have now been sinkholed, preventing the operator of the botnet from communicating with devices infected with ZLoader malware. ZLoader malware included a domain generation algorithm (DGA) which is triggered if communication with the hard-coded domains is not possible, which serves as a failsafe against any takedown efforts. The court order also allowed Microsoft to seize 319 DGA-registered domains. Microsoft is working to block the registration of any future DGA domains. ZLoader is part of a family of malware variants that descended from the ZeuS banking Trojan. Initially, ZeuS was used for credential and financial theft, with the aim of transferring money out of...



