Share this article on:
Illinois Gastroenterology Group has recently announced that unauthorized individuals gained access to its computer environment and potentially accessed and exfiltrated sensitive patient data. The cyberattack was detected on October 22, 2021, when suspicious activity was identified within its computer network.
Third-party cybersecurity specialists were engaged to investigate the attack and determine the nature and scope of the incident. On November 18, 2021, Illinois Gastroenterology learned that the parts of its systems that were accessed by unauthorized individuals contained patient information such as names, addresses, birth dates, Social Security numbers, driver’s license numbers, passport numbers, financial account information, payment card information, employer-assigned identification numbers, medical information, and biometric data.
Illinois Gastroenterology said it was not possible to rule out unauthorized viewing or theft of files containing patient data, but at the time of issuing notification letters, no reports had been received to suggest any fraudulent misuse of the impacted information. The review of the affected files was completed on March 22, 2022, and notification letters have now been sent to affected individuals.
In response to the breach, policies and procedures related to network security were reviewed and augmented, the implementation of an enhanced managed Security Operations Center was accelerated, and multi-factor authentication has been implemented. While the security breach was not confirmed as involving ransomware, Illinois Gastroenterology said a new endpoint detection and response platform has been deployed that has policies enabled specifically for ransomware.
The data breach has recently been reported to the HHS’ Office for Civil Rights as affecting up to 227,943 patients.
Data of Patients of the Mental Health Center of Greater Manchester has been Exposed
The Mental Health Center of Greater Manchester (MHCGM) in New Hampshire has announced that patient data was potentially compromised in a cyberattack at a third-party community mental health services partner, Center for Life Management (CLM), which was used for data storage.
On February 21, 2022, CLM’s systems were accessed by an unauthorized individual. The attack was detected on February 23, 2022, and systems were immediately secured to prevent further unauthorized access. The breach was confined to CLM’s systems and the security of MHCGM’s systems was not affected.
CLM investigated the incident and it was confirmed on April 11, 2022, that the attackers potentially accessed and exfiltrated files containing patient information such as names, addresses, birth dates, Social Security numbers, diagnoses, medical information, discharge information, and treatment locations and/or healthcare providers.
No evidence was found to indicate any specific information was viewed or obtained by unauthorized individuals as a result of the attack; however, affected individuals have been offered 12 months of complimentary credit monitoring. MHCGM said it is no longer using CLM for data storage and is working on removing all data from CLM’s systems.
The HHS’ Office for Civil Rights breach portal indicates 1,322 MHCGM patients have been affected.