Cyberattack on The Medibase Group Affects 35,000 Patients
Cyberattacks have recently been announced by the Medibase Group, Therapeutic Health Services, and the law firm Smith, Gambrell & Russell.
The Medibase Group
The Medibase Group, Inc., a Woodstock, GA-based provider of software solutions, technical assistance, and business office solutions to healthcare delivery organizations, has experienced a cyberattack that exposed the protected healthcare information of 35,106 patients of its healthcare provider clients. The cyberattack occurred on or around January 26, 2024, and involved unauthorized access to one of Medibase’s systems. Prompt action was taken to contain the attack, and a leading security and forensics company was engaged to assist with the investigation. The investigation confirmed that the attack was limited to the Medibase system, and no client systems were compromised.
The review of the affected files revealed they contained full names, Social Security numbers, dates of birth, admission/discharge dates, outstanding balance amounts, and health insurance information. While data theft is possible, Medibase believes the attackers targeted company information rather than patient data. The affected healthcare provider clients were notified about the incident on May 8, 2024, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Medibase said it will continue to evaluate and deploy robust cybersecurity measures and will conduct continuous monitoring and provide staff training to prevent similar breaches in the future.
Therapeutic Health Services
Therapeutic Health Services (THS) in Seattle, WA, has discovered the protected health information of 14,164 patients may have been compromised in a cyberattack. The incident was detected on February 26, 2024, and immediate action was taken to secure its systems and prevent further unauthorized access. Third-party cybersecurity experts were engaged to assist with the investigation and help harden and enhance security to prevent further attacks.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The forensic investigation showed patient data had been exposed, such as full names, Social Security numbers, dates of birth, information regarding medical services provided by THS, and health information; however, no evidence was found to indicate any of that information had been misused. The affected individuals have been notified by mail and have been offered complimentary credit monitoring and identity theft restoration services.
The Hunters International threat group claimed responsibility for the attack.
Smith, Gambrell & Russell
The law firm Smith, Gambrell & Russell LLP, has notified 3,370 individuals that some of their protected health information was exposed and potentially stolen by unauthorized individuals. Suspicious activity was identified in its computer network on January 28, 2024, and assisted by third-party computer forensics specialists, the law firm determined that documents containing sensitive information had been subject to unauthorized access.
The review of those documents has recently been completed and has confirmed that they contained names in combination with one or more of the following: address, Social Security number, driver’s license number, government ID, medical information such as treatment, diagnosis, and medical history. The law firm has enhanced its endpoint monitoring software, performed a global password reset, and implemented additional security measures to prevent further security breaches.
