Ransomware Attack Affects 81,000 Howard University College of Dentistry Patients

Howard University College of Dentistry discovered on September 3, 2021, that unauthorized individuals had gained access to its network and used ransomware to encrypt files. An announcement was made by the university shortly after the attack that it had been forced to cancel online and hybrid classes while its systems were restored, and that a nationally recognized computer forensics firm had been engaged to investigate the incident to determine the extent of the attack and whether sensitive information was accessed or stolen.

On September 24, 2021, the university determined that a system that housed patients’ dental records was affected by the attack. No specific evidence of unauthorized access or data exfiltration was found, although dental records were encrypted. The encrypted records related to dental visits between October 5, 2019, and September 3, 2021, and included information such as names, contact information, dates of birth, dental record numbers, health insurance information, dental history information, and for a limited number of patients, Social Security numbers.

The university has notified all affected patients by mail and has advised them to monitor their account statements for any sign of fraudulent activity and said it has further enhanced its cybersecurity measures to better protect against future cyberattacks and data breaches.

Howard University College of Dentistry recently reported the incident to the HHS’ Office for Civil Rights that affected up to 80,915 patients.

Great Plains Manufacturing Health Plan Members Affected by Cyberattack

Kansas-based Great Plains Manufacturing has notified 4,110 employees that some of their protected health information has potentially been compromised in a cyberattack that was discovered on October 11, 2021.

The investigation confirmed unauthorized individuals first gained access to its systems on September 28, 2021, and access remained possible until October 11, 2021, when the breach was detected, and the hackers were ejected from its network. A review of the affected file server revealed on November 1, 2021, that files had been accessed that contained information such as names, dates of birth, Social Security numbers, health insurance numbers, and members’ health plan selection.

The breach only affected employees and their dependents who were covered by the Great Plains Manufacturing, Inc. Employee’s Beneficiary Association Trust health plan. Notifications were sent to affected individuals on December 1, 2021, and all affected individuals have been offered complimentary identity theft monitoring services for 12 months.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.