Share this article on:
Jacksonville, FL-based North Florida OB-GYN has discovered hackers gained access to certain parts of its computer system containing patients’ personal and health information and deployed a virus that caused widespread file encryption.
Upon discovery of the breach on July 27, 2019, networked computer systems were shut down and breach response and recovery procedures were initiated. Third party IT consultants assisted with the investigation and confirmed that parts of its networked computer systems had been subjected to unauthorized access and a virus had been used to encrypted certain files. The investigation revealed its systems had most likely been compromised on or before April 29, 2019.
While system access was confirmed, no evidence of unauthorized data access or theft of personal or medical information was found; however, unauthorized data access and data exfiltration could not be ruled out.
Protected health information potentially compromised in the attack varied from patient to patient and may have include name, demographic information, birth date, driver’s license number, ID card number, Social Security number, health insurance information, employment information, diagnoses, treatment information, and medical images.
Affected individuals have been advised to remain vigilant and review their account statements to check for unauthorized use of their information. A spokesperson for North Florida OB-GYN told HIPAA Journal, “While North Florida OB/GYN has no evidence that that any unauthorized person actually viewed, retrieved, or copied any medical or personal information or that any such information has been misused, as a precautionary measure and in order to help detect possible misuse of information, North Florida OB/GYN is offering credit monitoring and identify theft protections services to potentially affected individuals at no cost to them.”
North Florida OB-GYN has been able to recover virtually all files encrypted in the attack. It is unclear whether a ransom demand was issued and paid, or if the files were recovered from backups. North Florida OB-GYN has already taken steps to strengthen security to prevent similar incidents from occurring in the future.
The breach has been reported to the HHS’ Office for Civil Rights and appropriate state authorities. The breach report on the OCR website indicates up to 528,188 patients have been affected.
Tomo Drug Testing Discovers Sensitive Information on Drug Testing Subjects Has Been Compromised
Springfield, MO-based Tomo Drug Testing, a provider of drug screening services, has discovered an unauthorized individual has gained access to a database containing the sensitive information of drug screening subjects, including names, Social Security numbers, driver’s license numbers, state identification numbers, and drug test results.
According to a statement released by the company, the database was accessed on April 23, 2019 and May 9, 2019 by an unidentified individual who claimed to have downloaded and removed certain information from the database.
Tomo Drug Testing learned of the breach on April 23, 2019 and launched an investigation into the breach. Forensics experts were called in to determine whether information had been removed or deleted from the database. While it was not possible to determine whether the database had been copied and stolen, certain items were found to have been removed or deleted from the database.
The database appeared to have been accessed using compromised credentials. Upon discovery of the breach, the password and privileges on the account used to access the database were changed. All data has now been migrated to a more secure system and the previous system has now been decommissioned. Tomo Drug Testing is continuing to implement additional security controls to prevent further incidents from occurring in the future.
Determining who was affected and the types of information in the database was a lengthy process. It took until July 1, 2019 to discover all individuals impacted by the breach and obtained up-to-date contact information. A substitute breach notice has been issued to media outlets as it was not possible find contact information for all individuals affected.
Notification letters have now been sent and affected individuals have been offered complimentary credit monitoring and identity theft protection services as a precaution. It is currently unclear how many individuals have been impacted.