Data Breaches Reported by Horizon House and Samaritan Center of Puget Sound
Horizon House, Inc., a Philadelphia, PA-based provider of mental health and residential treatment services has announced its IT systems have been hacked and ransomware was deployed, with the attackers gaining access to systems containing the protected health information of 27,823 individuals. Suspicious activity was detected in its computer systems on March 5, 2021. An investigation was launched to determine the nature and scope of the breach, which revealed an unauthorized individual had access to its systems between March 2 and March 5, 2021. A review of files stored on the compromised systems was completed around September 3, 2021. The files contained protected health information such as names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, medical information, health insurance information, and medical claims information. All individuals affected by the...
PHI of 29,000 Patients Potentially Compromised in McAllen Surgical Specialty Center Ransomware Attack
McAllen Surgical Specialty Center in Texas has started notifying patients about a ransomware attack that was detected on May 14, 2021. Third-party computer forensics specialists were engaged to investigate the breach and determine the nature and scope of the attack. The investigators determined unauthorized individuals had gained access to certain computers and servers on May 12, 2021 and deployed ransomware. Unauthorized access to its network was blocked on May 14. A comprehensive analysis was conducted to determine the servers and computers that had been affected, and which had potentially been accessed by the hackers. On July 22, it was determined patient data had potentially been compromised in the attack. The affected computers and servers contained a range of patient information, with the types of exposed data varying from patient to patient. Data potentially affected included names, addresses, Social Security numbers, dates of service, health insurance information, provider name, patient numbers, and medical record numbers. No evidence of data theft was identified and...
Class Action Lawsuits Filed Against San Diego Health Over Phishing Attack
Multiple class action lawsuits have been filed against the Californian healthcare provider San Diego Health over a data breach involving the protected health information (PHI) of 496,949 patients. On March 12, 2021, San Diego Health identified suspicious activity in employee email accounts and launched an investigation. On April 8, 2021, it was determined multiple email accounts containing patients’ protected health information had been accessed by unauthorized individuals between December 2, 2020 and April 8, 2021. A review of the compromised email accounts confirmed them to contain protected health information such as names, addresses, dates of birth, email addresses, medical record numbers, government ID numbers, Social Security numbers, financial account numbers, and health information such as test results, diagnoses, and prescription information. HIPAA requires covered entities to issue notifications to affected individuals within 60 days of the discovery of a breach. San Diego Health published a substitute breach notice on its website on July 27, 2021 and started issuing...
Lisa J. Pino Named New Director of HHS’ Office for Civil Rights
Lisa J. Pino has been named Director of the Department of Health and Human Services’ Office for Civil Rights (OCR) and replaces Robinsue Frohboese, who has served as acting OCR Director since President Trump-appointed Roger Severino resigned from the post in mid-January. OCR is the main enforcer of compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Patient Safety and Quality Improvement Act, and Patient Safety Rule, as well as enforcing federal civil rights, conscience and religious freedom laws. Pino is from New York City, a fluent Spanish speaker, and the first-generation daughter of immigrant parents. She completed a B.A., M.A., and J.D. at Arizona State University with honors, and Harvard Kennedy School leadership program as a National Hispana Leadership Institute Fellow. Pino has served as legal aid attorney in the Southwest, fighting to protect the rights of migrant farm workers. Her civil rights activities carried on while working for the United States Department of Agriculture (USDA) where...
Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack
While there have been no reported cases of American patients dying as a direct result of a ransomware attack, a new study suggests patient mortality does increase following a ransomware attack on a healthcare provider. According to a recent survey conducted by the Ponemon Institute, more than one fifth (22%) of healthcare organizations said patient mortality increased after a ransomware attack. Ransomware attacks on healthcare providers often result in IT systems being taken offline, phone and voicemail systems can be disrupted, emergency patients are often redirected to other facilities, and routine appointments are commonly postponed. The recovery process can take several weeks, during which time services continue to be disrupted. While some ransomware gangs have a policy of not attacking healthcare organizations, many ransomware operations target healthcare. For instance, the Vice Society ransomware operation has conducted around 20% of its attacks on the healthcare sector and attacks on healthcare organizations have been increasing. During the past 2 years, 43% of respondents...



