Brockton Neighborhood Health Center Suffers Interlock Ransomware Attack
Brockton Neighborhood Health Center in Massachusetts has suffered an Interlock ransomware attack and data breaches have been announced by Kitsap Mental Health Services in Washington state and Continental Cafe Holdings in Michigan.
Brockton Neighborhood Health Center Suffers Interlock Ransomware Attack
Brockton Neighborhood Health Center in Massachusetts is alerting patients about a cyberattack detected on November 3, 2024. Suspicious activity was identified within its computer network, and an investigation was launched to determine the nature and scope of the incident. On November 18, 2024, Brockton Neighborhood Health Center learned that a threat actor had access to its network from November 1 through November 3, 2024, and viewed or copied certain files from its systems.
The file review confirmed on November 29, 2024, that the data related to patients who received treatment between 2017 and 2022, and included names, addresses, dates of birth, diagnoses/conditions, lab test results, medications, other treatment information, medical record numbers, and health insurance information. The affected individuals have been advised to monitor their account statements, explanation of benefits statements, and free credit reports for suspicious activity. The data breach was reported to the HHS’ Office for Civil Rights website as involving the electronic protected health information of 97,488 individuals.
The Interlock ransomware group claimed responsibility for the attack and added Brockton Neighborhood Health Center to its data leak site and published the stolen data. The recently announced 1.46 million record Texas Tech University Health Sciences Center data breach was also due to an Interlock ransomware attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Kitsap Mental Health Services Identifies Unauthorized Network Access
Kitsap Mental Health Services, a Bremerton, WA-based provider of mental healthcare services, has warned patients about a security breach detected on October 17, 2024. Suspicious activity was identified in its business network, and after securing its systems, an investigation was launched to determine the nature of the activity. The investigation confirmed unauthorized access to its network on September 17, 2024, and between October 8 and October 19, 2024.
The investigation is ongoing to determine which individuals have been affected and the exact data types involved; however, based on the current findings, the following information was exposed and potentially stolen: names, addresses, birth dates, Social Security numbers, driver’s license/state identification numbers, diagnoses/conditions, treatment information, medications, claims information, financial information, and other information created, used, or disclosed in the course of providing health care services. The breach has been reported to regulators and is currently listed on the HHS’ Office for Civil Rights website as affecting 500 individuals, a commonly used placeholder figure when the number of affected individuals has yet to be determined.
Continental Cafe Holdings Alerts Health Plan Members About Data Breach
Continental Cafe Holdings, a Michigan-based dining and refreshment service provider, has reported a breach of the protected health information of 5,039 health plan members to the HHS’ Office for Civil Rights.
The individual notification letters state that unusual activity was identified on October 18, 2024, which affected the functionality of its servers. The affected servers were isolated, and the incident was investigated. While the investigation is ongoing, it has been determined that the threat actors behind the incident viewed or obtained employees’ personal data, including full names, addresses, phone numbers, dates of birth, financial information, driver’s licenses, passports, and Social Security numbers.
Other compromised data includes health information provided in connection with insurance and employee benefits, including health insurance plan name and ID number, any health information shared in connection with conditions that affected the employee’s ability to work, doctors’ notes for medical conditions/work absences, and information about the administration of family Medical Leave Act accommodations. The affected individuals have been offered 18 months of complimentary credit monitoring services and state that cybersecurity measures are being enhanced to prevent similar breaches in the future.
