Daviess Community Hospital Investigating Potential Cyberattack
Daviess Community Hospital, an Ascension St. Vincent affiliated hospital in Washington, IN, has recently announced that it has launched an investigation after being notified by the U.S. Department of Homeland Security (DHS) about a possible security breach. According to the DHS, a security issue was identified during routine monitoring which may have been exploited by cyber actors.
Hospital CEO, Tracy Conway, said all internal systems have been shut down while the incident is investigated by a third-party digital forensics firm. Conway said no evidence has been found to date to indicate unauthorized access to its network or patient data, and no ransom demand has been received by the hospital. Disruption has been caused due to IT systems being taken offline, including phone lines to outpatient clinics and email, and the hospital has effectively been temporarily non-computerized. As a result, services have been limited until systems are restored and some appointments have been cancelled and will have to be rescheduled. The biggest impact is on radiology, as it is not possible to send images to be read. Conway said they are working around the clock to bring IT systems back online and are prioritizing the radiology and pharmacy interfaces.
Wyoming County Community Health System Reports March 2023 Cyberattack
Wyoming County Community Health System in Warsaw, NY, has recently notified 26,000 patients about a security incident that was detected on March 28, 2023. While not referred to as a ransomware attack, legal counsel for the health system said the attack disrupted its network. The forensic investigation revealed files containing patient information had been exposed and may have been viewed or acquired by unauthorized individuals in the attack.
A review of the files was completed on November 8, 2023, and confirmed they contained information such as names, Social Security numbers, driver’s license or state identification numbers, dates of birth, biometric data, medical information, health insurance information, and account numbers. The health system has implemented additional security measures to prevent similar breaches in the future and has offered affected individuals complimentary credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Southland Integrated Services Notifies Patients About October 2023 Cyberattack
Southland Integrated Services (SIS), a Californian community-based non-profit organization that operates a Federally Qualified Health Center, has recently notified certain individuals about the exposure of some of their protected health information. SIS explained in its November 10, 2023, breach notification letters that suspicious activity was detected within its computer systems on October 18, 2023.
The forensic investigation confirmed its systems had been accessed by an unauthorized third party between October 16 and October 18, 2023, and during that time, documents were viewed that contained patient data such as names, addresses, dates of birth, vaccination statuses, Social Security numbers, driver’s license numbers, and/or financial account information. Additional safeguards have been implemented to prevent similar breaches in the future and complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. The incident has been reported to regulators but is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
