HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Nebraska Medicine Notifies 219,000 Patients About September 2020 Malware Attack

Nebraska Medicine has started notifying approximately 219,000 patients about a malware attack that allowed an unauthorized individual to view and obtain patient information.

Nebraska Medicine identified unusual activity in some of its systems on September 20, 2020. All affected devices were isolated to contain the breach and impacted systems were shut down to prevent any further unauthorized access. Independent computer forensics experts were engaged to conduct an investigation and determine the nature and scope of the security breach.

The investigation confirmed that an unauthorized individual first gained access to the network on August 27, 2020 and deployed malware. Between August 27 and September 20, that individual copied certain files, some of which contained patient information.

The files contained information about patients who received medical services at The Nebraska Medical Center or University of Nebraska Medical Center, as well as a limited number of patients who visited Faith Regional Health Services, Great Plains Health, or Mary Lanning Healthcare.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The protected health information obtained in the attack included one or more of the following data elements: Name, address, date of birth, medical record number, health insurance information, physician notes, laboratory results, imaging, diagnosis information, treatment information, and/or prescription information, and a limited number of Social Security numbers and driver’s license numbers.

Affected individuals were notified about the breach on February 5, 2021. Individuals whose Social Security or driver’s license number was compromised have been offered complimentary credit monitoring and identity theft protection services. Nebraska Medicine continues to monitor its IT environment for potential breaches and network monitoring tools have been enhanced.

Phishing Attack Affects 2,644 Hackley Community Care Patients

Hackley Community Care in Muskegon, MI is alerting 2,644 patients that some of their protected health information has been exposed and may have been viewed by unauthorized individuals.

In September 2020, a phishing email was sent to several staff members that contained a link to a malicious website. One employee clicked the link and entered their login credentials which were captured and used by the attacker to remotely access the employee’s email account between September 7 and September 24, 2020.

The investigation into the incident confirmed only one email account had been compromised and no evidence was found to indicate any emails in the account were opened. A review of the compromised email account was completed on December 18, 2020 and all individuals are now being notified if they have been affected.

For most of the affected individuals, the breach was limited to names and addresses. Individuals who had more sensitive data exposed have been offered complimentary credit monitoring services through TransUnion. Hackley Community Care is implementing additional security measures to prevent similar incidents in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.