Hospital, Pharmacy, and Dental Practice Report Hacking Incidents Impacting More Than 355,000 Patients

A hacker gained access to the IT network of Altamonte Springs, FL-based BioPlus Specialty Pharmacy Services and accessed files containing sensitive patient data. The intrusion was detected on November 11, 2021, and steps were immediately taken to remove the hacker from its network. Assisted by a third-party computer forensics firm, BioPlus determined its IT environment was compromised on October 25, 2021, and the hacker was removed from its systems on November 11.

The investigation confirmed files containing the protected health information of certain patients had been accessed, but it was not possible to rule out that the hacker accessed the PHI of all of its patients. The decision was therefore taken to notify all 350,000 current and former patients about the breach.

Files that were accessible to the hacker included patient names, dates of birth, addresses, medical record numbers, current/former health plan member ID numbers, claims information, diagnoses, and/or prescription information. Some patients also had their Social Security number exposed. Notification letters started to be mailed on December 10, 2021. Patients who had their Social Security number exposed have been offered complimentary credit monitoring and identity protection services. BioPlus said it has implemented additional safeguards to prevent similar breaches in the future.

IT Systems Still Down a Week After Cyberattack on Capital Region Medical Center

Capital Region Medical Center (CRMC) in Jefferson City, MO, has confirmed it was the victim of a cyberattack that forced the shutdown of its network and phone systems. The cyberattack was detected on December 17, 2021, and its network and phone system are still offline. The medical center is operating on its downtime procedures and patients are being seen, but certain appointments have been canceled. The cyberattack has also affected Capital Region’s pharmacies.

“While our information security team is working diligently to bring our systems back online as quickly, and securely, as possible, nothing is more important to us than the health and safety of our patients and continuing to provide the care our patients expect,” Lindsay Huhman, CRMC director of marketing and communications, said in a news release. “There are downtime procedures in place for physicians, nurses, and staff to provide care in these types of situations, and our staff is committed to doing everything they can to mitigate disruption and provide uninterrupted care to our patients.”

5,356 Individuals Affected by Data Breach at Weddell Pediatric Dental Specialists

Weddell Pediatric Dental Specialists in Carmel, IN, has started notifying 5,356 individuals that an unauthorized individual gained access to an employee’s email account that contained their protected health information.

The email account breach was detected on July 23, 2021, and the account was immediately secured. Assisted by third-party cybersecurity professionals, the dental practice confirmed the breach was limited to one employee email account. The review and analysis of emails and attachments in the account were completed on October 27, 2021, and revealed the account contained patient names, along with one or more of the following data elements: date of birth, medical diagnosis, medical treatment information, financial account information, and, in some instances, Social Security numbers.

Individuals who had their Social Security number exposed have been offered complimentary credit monitoring services for 12 months. Weddell Pediatric Dental Specialists said no information has been received to indicate any patient data has been misused.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.