HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

EmergeOrtho & General Health System Victims of Ransomware Attacks

EmergeOrtho, a North Carolina orthopedic practice, has recently notified 68,661 patients that some of their protected health information has been accessed by unauthorized individuals. According to EmergeOrtho’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on May 18, 2022. The forensic investigation confirmed that the threat actors behind the attack had accessed files containing patients’ protected health information.

A comprehensive review of all affected files confirmed on August 19, 2022, that they contained information such as first and last names, addresses, Social Security numbers, and, for certain individuals, date of birth. No medical records, treatment information, or financial information was compromised in the attack and no evidence has been identified that suggests any of the affected information has been specifically misused.

EmergeOrtho said leading IT specialists were engaged to confirm the security of its network environment, steps will continue to be taken to enhance the security of its systems, and additional monitoring tools have been deployed to proactively identify any future attempted intrusions. EmergeOrtho has offered affected individuals a complimentary membership to single bureau credit monitoring services.

General Health System Notifies Patients About Ransomware Attack and Data Theft

Baton Rouge, LA-based General Health System, which operates Baton Rouge General Medical Center, has recently confirmed that unauthorized individuals gained access to its network and exfiltrated files containing patient data. The forensic investigation confirmed that the attackers had access to its network and files within certain directories between June 24, 2022, to June 29, 2022. The cyberattack was detected on June 28, 2022.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

General Health System said the investigation into the attack is ongoing and a comprehensive review is being conducted of all files within the directories that could have been accessed. At this stage, the extent to which patient data has been compromised has yet to be confirmed and it is currently unclear how many individuals have been affected. Notification letters will be sent once that process has been completed.

The attack has caused some disruption to operations, and while care continues to be provided to patients, ambulances have been directed to alternative facilities. General Health System did not provide details on the nature of the attack; however, the Hive ransomware group has claimed responsibility and has started to add some of the stolen data to its leak site, which suggests the ransom was not paid.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.