314,000 Patients Affected by Cyberattack on CompleteCare Health Network
CompleteCare Health Network, a health system serving patients in southern New Jersey, has recently confirmed that the protected health information of 313,973 patients has potentially been compromised in an October 2023 ransomware attack.
An unauthorized third party gained access to certain CompleteCare Health Network computer systems and attempted to use ransomware to encrypt files. CompleteCare Health Network said this was a sophisticated ransomware attack that was detected and stopped on or around October 12, 2023. Third-party cybersecurity experts were engaged to investigate the attack and determine the nature of any unauthorized activity, and whether any patient data was involved. The substitute breach notice on the CompleteCare Health Network states, “Please know that we have taken steps to ensure your data will not be further published or distributed,” which appears to confirm that there was data exfiltration, the threat group behind the attack threatened to publish the data, and payment was made to prevent that outcome.
CompleteCare Health Network conducted a review of all files on the affected systems and confirmed they contained protected health information. The types of information involved varied from patient to patient and may have included names, phone numbers, addresses, and some sensitive personal information and/or personal health information. Notification letters started to be mailed to the affected individuals on December 15, 2023. Each individual notification letter states the exact types of data involved. CompleteCare Health Network said no reports have been received to indicate any actual or attempted misuse of patient data, but as a precaution, complimentary credit monitoring and identity theft protection services have been offered to the affected individuals.
“Data security is one of our highest priorities. Upon discovering the incident, we immediately took the affected systems offline and began the process of securing and confirming the fortification of our systems,” said a spokesperson for CompleteCare Health Network. Measures taken in response to the breach include revising policies and procedures and network security software, and reviewing how patient data are stored and managed. Since the attack, the network has been monitored 24/7 by third-party cybersecurity experts and CompleteCare Health Network has engaged leading cybersecurity firms to assist with monitoring its network for the long term.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
