Cyberattacks Reported by Schneck Medical Center and Epilepsy Foundation of Texas
Schneck Medical Center in Seymour, IN has announced it was a victim of a cyberattack which has had an impact on organizational operations.
The attack was detected on September 29, 2021 and an announcement was made the same day. In response to the attack, all IT systems within its facilities were suspended out of an abundance of caution, and third-party cybersecurity experts have been engaged to assist with the investigation and restore its IT system as quickly as possible. Schneck Medical Center said investigations into cyberattacks and the restoration of IT systems take time to fully resolve, but steps have been taken to minimize disruption to its systems.
Schneck Medical Center said most medical services have not been affected by the attack and patients should arrive as normal for scheduled services and appointments. Patients will be notified individually if for any reason their appointment has had to be postponed as a result of the attack.
“As a team of dedicated and caring medical professionals, we understand that healthcare is about people taking care of people. We remain committed to continuing to provide exceptional care to our communities and will provide additional updates as appropriate,” said Schneck Medical Center in its breach notification.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
At this stage it is unclear if patient information has been compromised. Further information will be released about the attack if the investigation confirms the attackers gained access to systems containing patient information.
PHI Potentially Compromised in Epilepsy Foundation of Texas Phishing Attack
The email account of an employee of Epilepsy Foundation of Texas has been accessed by an unauthorized individual who potentially viewed or obtained sensitive patient data. Epilepsy Foundation of Texas discovered the email account had been compromised on or around June 8, 2021 when the account was used to send fraudulent emails. The email account was immediately secured and an investigation was conducted to determine the nature and scope of the breach.
The investigation confirmed the account was breached when the employee responded to a phishing email. An analysis of the incident and review of the information in the email account was completed on September 2, 2021 and efforts were then made to obtain accurate address information for affected individuals to allow notifications to be sent. Notification letters started to be sent to affected individuals on October 1, 2021.
Epilepsy Foundation of Texas said the compromised email account contained first and last names, dates of birth, driver’s license numbers, health insurance information, financial account numbers, Social Security numbers, biometric data, payment card numbers, usernames and passwords, and medical information.
Following the attack, security protocols were reviewed and have now been enhanced. Epilepsy Foundation of Texas said it is unaware of any cases of attempted or actual misuse of patient data but has advised affected patients to exercise caution and monitor their accounts and explanation of benefits statements for signs of fraudulent activity.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 2,824 individuals.
