Cyberattacks Reported by Precision Imaging Centers, Marshall & Melhorn, and Atrium Health Wake Forest Baptist
Precision Imaging Centers in Jacksonville, FL, has recently notified 31,010 patients about a security breach that occurred on or around November 2, 2022. Unauthorized individuals gained access to its network and exfiltrated files containing sensitive patient information. The compromised information varied from patient to patient and may have included first and last names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government-issued identification numbers, health insurance information, medical conditions/diagnoses, and other health or medical information.
Precision Imaging Centers said the attack was conducted by a high-profile threat actor group, and shortly after the attack was confirmed, a law enforcement operation resulted in the threat group’s websites and servers being seized, which suggests the threat actor behind the attack was the Hive ransomware group. Precision Imaging Centers said no evidence of misuse of personal information has been detected.
Precision Imaging Centers isolated its network when the breach was detected, and a forensic investigation and document review were conducted. Precision Imaging Centers said that the document review concluded on June 20, 2023, and notification letters were mailed on June 22, 2023. Affected individuals have been offered credit monitoring and identity theft protection services through IDX. Precision Imaging Centers has implemented new systems and has enhanced its security protocols to prevent similar attacks in the future.
Ohio Law Firm Notifies Individuals About September 2021 Data Breach
The Toledo, OH-based law firm, Marshall & Melhorn, LLC, recently started notifying 9,412 individuals that some of their protected health information was exposed in a 2021 cyberattack. According to the notification letters, a computer network outage occurred on September 14, 2021. An investigation was immediately launched, and it was determined that an unauthorized actor had access to its network from August 20, 2021, to September 14, 2021; however, the investigation was unable to determine the exact files that had been accessed or obtained.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Marshall & Melhorn said it conducted a review of all files potentially involved, and that process was completed on May 19, 2023, 18 months after the breach was detected. Efforts were then made to contact the affected clients and obtain up-to-date contact information. That process was completed on May 19, 2023, and notification letters were mailed on June 7, 2023, including on behalf of its client, Lima Memorial Health System.
The information potentially accessed included names, addresses, Social Security numbers, financial account information, driver’s licenses and state identification information, passport information, medical information, and health insurance information. The law firm says it has implemented additional cybersecurity measures in response to the breach and has detected no misuse of the exposed information. Credit monitoring services do not appear to have been offered.
Atrium Health Wake Forest Baptist Suffers Phishing Attack
Atrium Health Wake Forest Baptist in Winston-Salem, NC, has recently announced that patient information was stored in an employee email account that was accessed by unauthorized individuals as a result of the employee being tricked by a phishing email.
The attack occurred on April 20, 2023, and the unauthorized access was detected and blocked the same day. The forensic investigation confirmed that unauthorized access had been blocked, the breach was confined to a single email account, and that the email account contained the protected health information of 3,679 individuals. While protected health information may have been viewed or obtained, the forensic investigation determined that the unauthorized access was not focused on the content of the email account.
The information in the account varied from patient to patient and likely included one or more of the following: name, date of birth, hospital account record number, health insurance information, treatment cost information, and/or clinical information, such as date(s) of service, provider name, and location(s) of service. For a limited number of individuals, Social Security numbers were also exposed.
Notification letters have been mailed and individuals who had their Social Security numbers exposed have been offered complimentary credit monitoring and identity protection services. Security controls have been enhanced and phishing training will continue to be provided to the workforce.
