Ransomware Attacks Affect Community Access Unlimited and CareSouth Carolina Patients

Hartsville, SC-based CareSouth Carolina has notified 76,035 patients that some of their protected health information has potentially been compromised in a ransomware attack on its IT vendor, Netgain Technologies.

CareSouth Carolina was informed by Netgain on January 14, 2021 that the company had experienced a ransomware attack in December 2020, and the attackers had access to servers containing patient data from late November, some of which was exfiltrated prior to the use of ransomware.

On April 13, 2021, Netgain provided CareSouth Carolina with a copy of the data that was potentially compromised. CareSouth Carolina conducted a review of the data and on April 27, 2021 confirmed the dataset included patient names, date of birth, address, diagnosis/conditions, lab results, medications, and other clinical information. For a small number of patients, Social Security numbers were involved.

The attackers issued a ransom demand to Netgain and threatened to sell the stolen data if payment was made. Netgain took the decision to pay the ransom and received assurances that the stolen data was deleted and had not been further disclosed.

Netgain and CareSouth have since implemented additional security measures to prevent any repeat attacks, and CareSouth is offering affected patients complimentary identity theft protection services.

Community Access Unlimited Ransomware Attack Impacts 13,813 Individuals

Elizabeth, NJ-based Community Access Unlimited has started notifying 13,813 individuals that their protected health information was stored on systems that were accessed by unauthorized individuals.

Community Access Unlimited identified suspicious activity within its internal systems on November 10, 2020. The systems were immediately taken offline, and third-party forensics specialists were engaged to determine the nature and scope of the breach.

The investigation revealed its systems were accessed by unauthorized individuals between June 29, 2020 and November 12, 2020, but it was not possible to determine whether any patient data was accessed or exfiltrated by the attackers.

A review of the compromised systems revealed the following data could potentially have been accessed or obtained: Names, dates of birth, driver’s license numbers, state identification card numbers, non-resident identification numbers, health information, health insurance beneficiary numbers, and usernames and passwords.

Policies and procedures have since been reviewed and enhanced to reduce the potential for a further attack. Affected individuals have now been notified and complimentary credit monitoring and identity restoration services have been offered to potentially impacted individuals.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.