Great Plains Regional Medical Center: 133,000 Patients Affected by Ransomware Attack
Great Plains Regional Medical Center in Elk City, OK, has fallen victim to a ransomware attack. The attack was detected on September 8, 2024, when files were encrypted. A third-party cybersecurity firm was engaged to assist with the investigation and determined that access was gained to its network on September 5, 2024, and continued until the incident was detected on September 8.
Prior to encrypting files, the threat actor exfiltrated data from its systems that included names, demographic information, health insurance information, driver’s license numbers, clinical treatment information such as diagnosis and medication information, and Social Security numbers. Great Plains Regional Medical Center said it was able to quickly restore access to its systems, return to normal operations, and recover most of the encrypted data; however, a limited amount of patient data could not be recovered. Great Plains Regional Medical Center did not disclose the name of the ransomware group.
The ransomware attack has recently been reported to the HHS’ Office for Civil Rights as involving the protected health information of 133,149 current and former patients. Individuals whose Social Security numbers were stolen have been offered complimentary credit monitoring services. Steps have also been taken to enhance security to prevent similar incidents in the future.
Brunswick Hospital Center
Brunswick Hospital Center, an Amityville, NY psychiatric hospital, has alerted patients about a September cyberattack that saw an unauthorized third-party access or copy sensitive patient data. Suspicious activity was identified in its computer systems on September 3, 2024, and immediate action was taken to secure its systems and prevent further unauthorized access. Third-party cybersecurity experts were engaged to determine the nature and scope of the unauthorized activity and confirmed unauthorized access to its network between July 17, 2024, and August 6, 2024. Brunswick Hospital Center is confident that there has been no unauthorized access to its systems since that date.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the affected files is ongoing; however, Brunswick Hospital Center has determined that the files on the compromised parts of the network included full names, addresses, dates of birth, Social Security numbers, dates of service, patient ID numbers, procedure codes, procedure costs, procedure and provider information, diagnoses, health insurance information, claims information, and information related to payment for healthcare services.
Brunswick Hospital Center is reviewing its policies, procedures, and security tools and will take steps to reduce the risk of similar breaches in the future. The breach was reported to the HHS’ Office for Civil Rights as involving the records of at least 500 individuals. The total will be updated when the file review is concluded.
Hawaii Radiologic Associates
Hawaii Radiologic Associates, a provider of diagnostic imaging services in East and West Hawaii, has notified 23,205 individuals about a cyberattack detected on August 26, 2024, that may have involved unauthorized access to protected health information.
The forensic investigation revealed an unknown actor gained access to its systems between August 20, 2024, and August 25, 2024, and on September 6, 2024, it was determined that files containing patient data may have been viewed or acquired. Those files were reviewed and confirmed to contain names, addresses, dates of birth, health insurance information, subscriber IDs, examination types, and indications of why the examinations were provided. Hawaii Radiologic Associates said it is reviewing its protocols, policies, and procedures and will take steps to reduce the risk of similar incidents in the future.
