Hacking Incidents Reported by Chippewa County and Frideres Dental
The Chippewa County Human Resources Division in Wisconsin has recently discovered that the laptop computer of an employee has been compromised and 25-35MB of data was stolen from the device, including information protected under HIPAA.
Access to the device was gained through a remote access application, which was downloaded to the device on February 28, 2023. An unknown individual then used the application to access the computer. The employee noticed the access on March 1, 2023, and alerted the IT department, which was able to block further access. According to Chippewa County officials, the unauthorized individual had access to the device for approximately 5 minutes, during which time files were exfiltrated. The investigation confirmed that the breach was limited to one device.
It is unclear how the remote access application was downloaded to the device, but it is suspected that this was a drive-by download after the employee inadvertently clicked a link in a phishing email or on a website, or via a website pop-up. The files were reviewed, and it was confirmed that 7 of the copied files contained protected health information such as names, medical history numbers, prescription information, and the date the prescriptions were signed, and the prescribing doctors’ initials. The breach was reported to the HHS’ Office for Civil Rights as affecting 842 individuals.
Cyberattack Affects Frideres Dental Patients
Frideres Dental in Oregon has recently confirmed that the protected health information of 1,596 patients has potentially been compromised in a cyberattack. It is unclear from the breach notice when the attack occurred and when it was detected, but the review of the affected files was completed on January 25, 2023, and a list of the affected patients was obtained. The files potentially accessed or obtained included names, dates of birth, medical treatment information, health insurance information, and, for a limited number of individuals, Social Security numbers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
No reports have been received to date to indicate misuse of any of the affected information; however, as a precaution, Frideres Dental is offering 12 months of complimentary credit monitoring services to affected individuals.
Henrico Doctors’ Hospital Reports Email Error
Henrico Doctors’ Hospital in Virginia has notified 990 individuals about an email error that exposed email addresses and identified them as having received surgery at the hospital. No other information was exposed.
On February 7, 2023, the hospital discovered that an employee had accidentally sent a group email where the email addresses were put in the To field rather than the BCC field, and could therefore be viewed by all recipients of the email. Steps have been taken by the hospital to prevent similar incidents in the future.
