PHI Compromised in City of St. Cloud Cyberattack
Data breaches have recently been announced by Omni Healthcare Financial Holdings, McLean Hospital, Senior Lifestyle, Woodfords Family Services, and the City of St. Cloud in Florida.
City of St. Cloud, Florida
The City of St. Cloud in Florida has warned residents to be vigilant against identity theft and fraud after a March 2024 cyberattack that rendered its phone lines and online payment systems unavailable. The attack was detected on the morning of March 25, 2024, and third-party cybersecurity specialists were engaged to investigate the attack. They confirmed that the compromised systems contained residents’ names, addresses, birth dates, Social Security numbers, driver’s licenses, medical information, health insurance information, and financial account information, all of which may have been accessed or acquired in the attack.
At this stage of the investigation, it is still unclear exactly how many individuals have been affected. Notification letters will be mailed when the investigation concludes. To meet the breach reporting requirements of the HIPAA Breach Notification Rule, the city has reported the breach to the HHS’ Office for Civil Rights as affecting at least 501 individuals. The total will be updated when the final figure is known. City officials have applied for a $100,000 grant from the Florida Department of Management Services to cover the cost of additional security software.
Update August 2024: The Hunters International threat group has claimed responsibility for the attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Woodfords Family Services
Woodfords Family Services, a Westbrook, ME-based provider of services to individuals with disabilities, has recently notified the HHS’ Office for Civil Rights about a cyberattack and data breach that involved the protected health information of at least 500 individuals.
Little information has been released about the incident so far, other than it being a hacking/IT incident involving protected health information stored on desktop computers, network servers, email accounts, and electronic medical records. This appears to be the second hacking/IT incident at Woodfords Family Services in the past year. On June 19, 2023, hackers gained access to its computer system and removed patient data including names, financial account numbers, and credit and debit card information, including security codes, access codes, passwords, and PINs. The breach affected 17,285 individuals according to the notice submitted to the Maine Attorney General, including the protected health information of 6,691 individuals.
Omni Healthcare Financial Holdings
Omni Healthcare Financial Holdings, the parent company of Omni Healthcare Financial and Injury Finance LLC, has confirmed that it experienced a cyberattack in January that caused network disruption. The attack was detected on January 19, 2024, and the forensic investigation confirmed that an unauthorized third party accessed its network on January 18 and potentially acquired files that contained sensitive patient data.
As a service provider to healthcare organizations, Omni Healthcare is provided with patients’ protected health information, some of which was compromised in the attack. Omni Healthcare’s document review confirmed that the information potentially obtained in the attack included patient names, contact information, dates of birth, Social Security numbers, diagnosis & treatment information, medical record numbers, treatment costs, and provider names. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 16,852 individuals. Omni Healthcare is issuing notification letters to those individuals on behalf of its affected clients and is offering complimentary credit monitoring and identity theft protection services. Omni Healthcare has also taken steps to improve security to prevent similar incidents in the future.
Senior Lifestyle
Senior Lifestyle, a Chicago, IL-based provider of skilled nursing care and operator of independent and assisted living facilities, has recently notified former patients and residents about a HIPAA breach involving a former employee. Senior Lifestyle discovered on April 4, 2024, that a former employee had improperly acquired, stored, and maintained the data of patients and residents between 2010 and 2016. Senior Lifestyle is cooperating with the police investigation and mailed notification letters to the affected individuals on May 30, 2024. The individuals affected were residents of its licensed unit, The Seasons, between 2010 and 2016.
The information improperly accessed included demographic data such as full names and dates of birth, and clinical information such as prescription medications, prescription numbers, and prescription dates. Internal policies and been reviewed and updated and employees have been re-educated on data privacy and the HIPAA Rules. Regulators have been notified; however, the incident is not yet showing on the OCR breach portal, so it is currently unclear how many individuals have been affected.
