PHI of 26,600 Individuals Potentially Copied in Colorado Retina Associates Phishing Attack
On January 12, 2021, Denver-based Colorado Retina Associates discovered the email account of one of its employees had been accessed by an unauthorized individual who used it to send phishing emails to individuals in the employee’s contact list. The email account was immediately secured and a cybersecurity firm was engaged to investigate the incident to determine the extent of the breach. That investigation concluded on February 24, 2021 and revealed other email accounts had also been compromised, two of which contained patients’ protected health information. The nature of the attack meant that between January 6, 2021 and January 17, 2021, synching may have occurred. That means the contents of the email accounts may have been copied to the attacker’s device. A comprehensive review of the email accounts was performed which revealed the protected health information of 26,609 individuals was stored in the accounts. The types of PHI varied from individual to individual may have included full names, date of birth, home addresses, phone numbers, email addresses, dates of service,...
2020 Saw Major Increase in Healthcare Hacking Incidents and Insider Breaches
2021 was a challenging year for healthcare organizations. Not only was the industry on the frontline in the fight against COVID-19, hackers who took advantage of overrun hospitals to steal data and conduct ransomware attacks. The 2021 Breach Barometer Report from Protenus shows the extent to which the healthcare industry suffered from cyberattacks and other breaches in 2020. The report is based on 758 healthcare data breaches that were reported to the HHS’ Office for Civil Rights or announced via the media and other sources in 2020, with the data for the report provided by databreaches.net. The number of data breaches has continued to rise every year since 2016 when Protenus started publishing its annual healthcare breach report. 2020 saw the largest annual increase in breaches with 30% more breaches occurring than 2019. Data was obtained on 609 of those incidents, across which 40,735,428 patient and health plan members were affected. 2020 was the second consecutive year that saw more than 40 million healthcare records exposed or compromised. Healthcare Hacking Incidents Increased...
Reinvestigation of 2019 Metro Presort Ransomware Attack Reveals PHI May Have Been Compromised
The Portland, OR-based technology and communication solution provider Metro Presort suffered a ransomware attack on May 6, 2019 which resulted in the encryption of files and locked staff out of its systems. The ransomware attack was promptly identified and was contained by May 15, 2019 and the company was able to recover from the attack relatively quickly. An investigation into the attack found no evidence to suggest files were removed from its system, and since the company already encrypted customer data, the attackers would not have been able to access any sensitive information. In October 2020, Metro Presort reinvestigated the attack and the secondary investigation was unable to confirm that files containing customer data were definitely encrypted before the attack. The invoices, statements, and spreadsheets that Metro presort processed for clients, including healthcare organizations, could potentially have been accessed. An analysis of those files confirmed they contained patient names, addresses, dates of birth, patient and health plan IDs or account numbers, appointment...
Ransomware Gangs Claim Three More Healthcare Victims
PeakTPA, a St. Louis, MO-based provider of health plan management and back-office services, has announced it suffered a cyberattack on or around December 28, 2020 in which protected health information was stolen. The security incident was detected on December 31 and involved two cloud servers used by the company to manage program of all-inclusive care for the Elderly (PACE) claims. According to the breach report submitted to the HHS’ Office for Civil Rights, the PHI of up to 50,000 individuals was stolen or exposed. An investigation into the attack confirmed the attackers obtained full names, home addresses, dates of birth, Social Security numbers, PACE program IDs, and diagnosis and treatment information. Affected individuals have been notified and offered complimentary membership to credit monitoring, fraud consultation, and identity theft restoration services via Kroll. St. Bernard’s Total Life Healthcare, Inc., which provides PACE in Northeast Arkansas, and Rocky Mountain Health Care Services in Colorado Springs have confirmed that 528 of their patients have been impacted by...
NY Nurse Pleads Guilty to Tampering with a Consumer Product in HIPAA Case
A former Roswell Park Comprehensive Cancer Center nurse has pleaded guilty to tampering with a consumer product in a case involving fraud and HIPAA violations. In 2018, 6 patients of Roswell Park Comprehensive Cancer Center contracted a Sphingomonas paucimobilis bloodstream infection within the space of a few weeks. An investigation found syringes of hydromorphone had been contaminated with the bacteria. The cancer center suspected a nurse had removed some of the medication and replaced it with an equal volume of water. Kelsey Mulvey, 28, of Grand Island, NY, was placed on administrative leave in June 2018 after it was discovered she had stolen pain medication and resigned from her position at the cancer center in July 2018. Appropriate authorities were notified including the New York State Department of Health, the NYS Department of Education, Bureau of Narcotics and Tobacco Enforcement, and the U.S. Drug Enforcement Agency and in July 2019, Kelsey was charged by the U.S. Attorney’s office with tampering with a consumer product, acquiring controlled substances by fraud, and...



