Email Account Breaches Reported by MultiPlan and Hawaii Independent Physicians Association
The medical payment billing service provider MultiPlan has announced a breach of its email environment. On January 27, 2021, suspicious activity was identified in the email account of one of its employees. Action was immediately taken to terminate unauthorized access and the employee’s email credentials were changed. MultiPlan immediately launched an investigation to determine the nature and scope of the breach, with assistance provided by forensics experts. The investigation confirmed that the main purpose of the attack was to divert wire transfers from MultiPlan customers looking to pay invoices. The email account was compromised and used by the attacker to communicate with those customers regarding billing, and to attempt to divert payments to an account under their control. While protected health information does not appear to have been targeted in the attack, the compromised email account was found to contain the protected health information of 214,956 individuals. That information could have been viewed or obtained by the attacker between December 23, 2020 and January 27,...
Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Affected by Elekta Ransomware Attack
Three more healthcare providers have announced they have been affected by the recent ransomware attack on the Swedish radiation therapy and radiosurgery solution provider Elekta Inc. Elekta provides a cloud-based mobile application called SmartClinic, which is used by healthcare providers to access patient information for cancer treatments. Cybercriminals gained access to Elekta’s systems between April 2, 2021 and April 20, 2021 exfiltrated the SmartClinic database prior to deploying ransomware and encrypting files. The database contained the personal and protected health information (PHI) of patients of 42 healthcare systems in the United States. Elekta notified affected customers in May 2021. Advocate Aurora Health has recently announced that 68,000 of its patients across 7 sites in Illinois have been affected by the attack. The following types of PHI were acquired by the ransomware gang: names, addresses, dates of birth, height and weight measurements, Social Security numbers, driver’s license numbers, diagnosis information, treatment information, and appointment confirmations....
U.S. Government Launches New One-Stop Ransomware Website
The Department of Justice and the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) have announced the launch of a new web resource that will serve as a one-stop-shop providing information to help public and private sector organizations deal with the growing ransomware threat. The new resource – StopRansomware.gov – is an interagency resource that provides guidance on ransomware protection, detection, and response in a single location. The new resource provides general information about ransomware, including what ransomware is and how it is used by cybercriminals to extort money from public and private sector organizations. Detailed information is provided on how organizations can improve their security posture and defend against attacks, including ransomware best practices, bad practices to avoid, cyber hygiene tips, FAQs, and training material. The website includes a newsroom with the latest ransomware-related advice, along with alerts from CISA, the FBI, Department of Treasury, and other federal agencies about the ever-evolving tactics, techniques, and procedures used...
Sierra Nevada Primary Care Physicians Alerts Patients About Theft of PHI
Sierra Nevada Primary Care Physicians in California is alerting 1,717 patients about an incident involving the theft of some of their protected health information, including names and credit card information. On May 20, 2021, Sierra Nevada Primary Care Physicians was notified by the District Attorney’s office that two envelopes containing receipts from the practice had been found in the vehicle of a suspect. The receipts were for payments made by patients between January 1, 2019 and March 20, 2019. For individuals who paid in person at the front desk using a debit or credit card, the receipts contained the individual’s name, name of the practice, amount charged, and the last four digits of the card number. Receipts for payments made by individuals using a debit card or credit card by mail or over the phone included that individual’s name, debit/credit card number, expiry date, CVV code, signature, practice name, and amount charged. The District Attorney confirmed that the two envelopes and receipts were recovered and the perpetrators were arrested. Sierra Nevada Primary Care...
Lake County Health Department Notifies 25,000 Patients About Two Data Breaches
The Lake County Health Department in Illinois has announced it has suffered two data breaches that potentially involved the personal and protected health information of around 25,000 patients. The first breach occurred in 2019 when a Lake County Health employee sent an unencrypted email from their work email account to an internal employee’s personal email account. The email had an attached spreadsheet of medical record requests dating from December 2016 to June 2019. The requests had been made through a third-party company which handled release of information requests for the Lake County Health Department. The spreadsheet included the names of 24,241 patients along with dates relevant to the vendor. Lake County Health discovered the breach on July 22, 2019; however, it took until July 2021 for notification letters to be sent to affected patients. The reason for the delay of almost two years was due to Lake County Health officials not believing notification letters were required, as no personal health information had been compromised; however, the Department of Health and Human...



