Gastroenterology Consultants Notifies Patients About January 2021 Ransomware Attack
On January 10, 2021, Gastroenterology Consultants, PA suffered a ransomware attack that resulted in the encryption of sensitive data. Yesterday, notifications were sent to patients potentially affected by the attack to inform them that their protected health information may have been accessed or compromised in the attack. Gastroenterology Consultants, the largest partnership GI practice in Houston, TX, launched an investigation into the attack and took steps to remove the attackers from its network and restore affected data. A substitute breach notice was uploaded to the company website on March 19, 2021 advising patients about the attack. No evidence was found to indicate any patient data were accessed by the attacker or exfiltrated in the attack. Attacks such as this typically warrant breach notification letters, as while evidence of data theft may not be found, it is usually not possible to rule out unauthorized access to PHI with a high degree of certainty. In this case, Rather than identify the individual patients affected by the attack, the decision was taken to notify all...
UF Health Says PHI Potentially Compromised in May 2021 Cyberattack
On May 31, 2021, UF Health Central Florida experienced a cyberattack that affected Leesburg Hospital and The Villages Hospital. The security breach was announced by UF Health within a few hours of the attack being detected, although at the time it was unclear whether any patient data had been compromised in the incident. An investigation into the breach was conducted which determined the attackers had access to its computer network between May 29 and May 31, 2021, and while unauthorized access to patient data was not confirmed, UF Health has now reported that some patient data may have been accessible. The exposed data included names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers and patient account numbers, and limited treatment information. UF Health said its electronic medical records were not involved or accessed, and the breach did not affect its Gainesville or Jacksonville campuses. UF Health said it has no reason to believe any exposed data has been misused or disclosed; however, as a precaution against identity...
73% of Businesses Suffered a Data Breach Linked to a Phishing Attack in the Past 12 Months
Ransomware attacks have increased significantly during the past year, but phishing attacks continue to cause problems for businesses, according to a recent survey conducted by Arlington Research on behalf of security firm Egress. Almost three quarters (73%) of surveyed businesses said they had experienced a phishing related data breach in the past 12 months. The survey for the 2021 Insider Data Breach Report was conducted on 500 IT leaders and 3,000 employees in the United States and United Kingdom. The survey revealed 74% of organizations had experienced a data breach as a result of employees breaking the rules, something that has not been helped by the pandemic when many employees have been working remotely. More than half (53%) of IT leaders said remote work had increased risk, with 53% reporting an increase in phishing incidents in the past year. The increased risk from remote working is of concern, especially as many organizations plan to continue to support remote working or adopt a hybrid working model in the future. 50% of IT leaders believe remote/hybrid working will make...
Healthcare Industry has Highest Number of Reported Data Breaches in 2021
Data breaches declined by 24% globally in the first 6 months of 2021, although breaches in the United States increased by 1.5% in that period according to the 2021 Mid-Year Data Breach QuickView Report from Risk-Based Security. Risk Based Security identified 1,767 publicly reported breaches between January 1, 2021 and June 30, 2021. Across those breaches, 18.8 billion records were exposed, which represents a 32% decline from the first 6 months of 2020 when 27.8 billion records were exposed. 85% of the exposed records in the first half of 2021 occurred in just one breach at the Forex trading service FBS Markets. The report confirms the healthcare industry continues to be targeted by cyber threat actors, with the industry having reported more data breaches than any other industry sector this year. Healthcare has been the most targeted industry or has been close to the top since at least 2017 and it does not appear that trend will be reversed any time soon. 238 HIPAA data breaches were reported in the first 6 months of 2021, with finance & insurance the next most attacked sector...
Phishing Attacks Reported by Academic HealthPlans and Wayne County Hospital
Academic HealthPlans, Inc. (AHP) has discovered an unauthorized individual has gained access to the email accounts of two employees following responses to phishing emails. AHP was alerted to a potential breach when suspicious activity was detected in its Microsoft Office 365 email environment. The affected accounts were secured, and an investigation was launched to determine the extent of the breach. On June 4, 2021, AHP determined that the email accounts were compromised as a result of phishing attacks between August 6, 2020 and August 24, 2020, and on October 2, 2020. The breach was limited to those two accounts and did not involve any other systems. A comprehensive and time-consuming programmatic and manual review was conducted to identify the individuals and information affected. That review confirmed that the email accounts contained information related to the student health plans AHP administers. The exposed data include student names, dates of birth, Social Security numbers, health insurance member numbers, claims information, and diagnoses and treatment information. No...



