New Hampshire, Texas, and Oregon Healthcare Providers Fall Victim to Ransomware Attacks
Ransomware groups have conducted attacks on three healthcare organizations: Northeast Rehabilitation Hospital Network in New Hampshire, Coastal Plains Community MHMR Center in Texas, and Sutton Dental Arts in Oregon.
Hunters International Claims Responsibility for Northeast Rehabilitation Hospital Network Cyberattack
Neuro Rehab Associates, Inc., which does business as Northeast Rehabilitation Hospital Network, and operates 4 New Hampshire inpatient hospitals and more than 25 outpatient rehabilitation facilities in New Hampshire and Massachusetts, has recently disclosed a cyberattack and data breach. The incident was detected on or around May 22, 2204, when suspicious activity was identified in its computer systems. The forensic investigation confirmed that there had been unauthorized access to its network between May 13, 2024, and May 22, 2024, and during that time, files containing patient data may have been acquired.
Northeast Rehabilitation Hospital Network said it has not identified any misuse of the data, although the affected patients have been advised to be vigilant against identity theft and fraud. A review of the affected files is ongoing, but it has been confirmed that the types of data involved include names, contact information, dates of birth, Social Security numbers, patient identification numbers, medical record numbers, medical information, treatment information, diagnosis information, health insurance information, driver’s license/state identification numbers, and financial account information.
Northeast Rehabilitation Hospital Network reported the breach to the HHS’ Office for Civil Rights as involving the protected health information of at least 501 individuals. The total was later updated to 136,724 individuals. A previous breach reported to OCR by Northeast Rehabilitation Hospital Network in November 2021 states that 500 individuals were affected by a network server hacking incident, another commonly used placeholder. Since this post was published, the total has been updated to 190,220 affected individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Northeast Rehabilitation Hospital Network said it is reviewing its privacy and security policies, procedures, and processes to reduce the likelihood of a similar future event. Credit monitoring and identity theft protection services do not appear to have been offered to the affected individuals. The nature of the incident was not disclosed in the substitute breach notice, but this appears to have been a ransomware attack or extortion incident conducted by the Hunters International threat group, which has added the healthcare provider to its data leak site and claims to have exfiltrated 410 GB of data.
Coastal Plains Community MHMR Center Ransomware Attack Affects 45,357 Individuals
Coastal Plains Community MHMR Center, a Texas-based provider of mental health services that does business as Coastal Plains Community Center and Coastal Plains Integrated Health, has notified 45,357 individuals that some of their sensitive information was compromised in a November 2023 ransomware attack. Suspicious activity was detected within its network on November 13, 2023, consistent with a ransomware attack. Third-party cybersecurity professionals were engaged and confirmed the ransomware attack and unauthorized access to its systems between November 12 and November 13, 2024. During that time, there may have been unauthorized access to patient data, which may have been copied from its systems.
The review of the affected systems confirmed that they contained names, dates of birth, birth certificates, Social Security numbers, driver’s license numbers/government IDs, other government-issued IDs, passport numbers, medical record numbers, patient account numbers, medical provider names, health insurance information, clinical or treatment information, financial account information, and taxpayer identification numbers. The types of data involved varied from individual to individual. Following the attack, Coastal Plains Community MHMR Center changed access and authentication controls, enhanced its threat detection and monitoring processes, and is continuing to work with leading privacy and security firms to better protect patient data.
Sutton Dental Arts Victim of April 2024 Ransomware Attack
Sutton Dental Arts, a Roseburg, OR-based dental care, orthodontics, and cosmetic dentistry provider, fell victim to a ransomware attack in April 2024 that rendered its systems inoperable due to the file encryption. Third-party cybersecurity specialists were engaged to help secure its systems, determine the scope of the incident, and restore the encrypted data. They confirmed that there had been unauthorized access to certain systems, and files in those systems were accessed by the threat actor.
The press release announcing the breach confirmed that the file review was recently completed and that misuse of the compromised data has not been identified. The press release does not state what types of information were compromised in the attack. The HIPAA breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 4,109 patients.
