Cyberattacks Reported by McKenzie Health System & Omnicell

McKenzie Health System in Sandusky, MI, has recently started notifying 25,318 patients that some of their protected health information has been stolen in a recent security incident which has caused disruption to the operations of some of its systems. On March 11, 2022, suspicious activity was detected within its IT systems. Steps were immediately taken to secure those systems and a third-party investigator was engaged to determine the nature and scope of the security breach.

The investigation determined that an unauthorized individual had gained access to its network and exfiltrated files. The analysis of those files confirmed on April 22, 2022, that they contained patient information such as names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and/or health insurance information.

McKenzie Health System provided information on the steps that affected individuals should take to protect against the misuse of their personal and protected health information in its notification letters and said complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security numbers have been exposed or compromised. Additional safeguards and technical security measures have now been implemented to better protect sensitive data and to improve the monitoring of its systems.

The AvosLocker ransomware gang has claimed responsibility for the attack.

Please see the HIPAA Journal Privacy Policy

Omnicell Reports Recent Ransomware Attack in SEC Filing

Omnicell, a Mountain View, CA-based provider of medication management systems, has recently disclosed in an 8-K filing with the Securities and Exchange Commission (SEC) that it was the victim of a ransomware attack. The ransomware attack was detected on May 4, 2022, and resulted in certain internal information technology systems being taken offline.

Omnicell said it is still investigating the attack and the full effects are not yet known, but the attack has had an impact on some of the company’s products and services. Omnicell took immediate action when the attack was detected to prevent further unauthorized access to its systems, its business continuity plans were implemented, and it started working on restoring its systems. At the current stage of the investigation, Omnicell has been unable to determine the impact the attack will have on the business, the results of operations, or the financial impact of the attack, nor whether any impact will have a material adverse effect. Third-party cybersecurity experts have been engaged and are assisting with the investigation and recovery and the cyberattack has been reported to law enforcement.

Omnicell also recently submitted its quarterly earnings, and in its 10-Q form to the SEC explained that significant disruptions to its IT systems could adversely affect the business, as the company relies on its IT systems for maintaining financial and corporate records, communicating internally and with external parties, and operating critical business functions.

Omnicell explained that it does create backups and stores them securely off-site, but that the business would be adversely affected if it was not possible to restore systems and data from backups within an acceptable time frame and the business would also be adversely affected if a data theft incident occurred that resulted in the loss of intellectual property. It is unclear at this stage whether any sensitive data was stolen prior to the encryption of files.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.