Ransomware Attacks Reported by 5 HIPAA Covered Entities and Business Associates

Professional Business Systems, Inc., operating as Practicefirst Medical Management Solutions and PBS Medcode Corp, a provider of medical management services involving data processing for healthcare providers, has suffered a ransomware attack in which files containing patient information were obtained by the attackers.

The ransomware attack was identified on December 30, 2020, and the company's systems were promptly shut down in an effort to contain the attack. Third-party cybersecurity experts were engaged to investigate the incident, and law enforcement was notified.

Practicefirst has not confirmed whether the ransom was paid but did say it received assurances from the attacker that the files copied from its systems have been destroyed and were not further disclosed.

There have been no identified cases of misuse of patient information; however, all affected individuals have been advised to monitor their accounts for any sign of fraudulent activity.

The types of patient information contained in the files differed from patient to patient and may have included the following data elements: name, address, email address, date of birth, driver’s license number, Social Security number, diagnosis, laboratory and treatment information, patient identification number, medication information, health insurance identification and claims information, tax identification number, employee username with password, employee username with security questions and answers, and bank account and/or credit card/debit card information.

Additional security protocols have since been implemented to better protect its network, email, and other IT systems.

The incident has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 1,210,688 individuals.

Prima Pediatrics Suffers Suspected Ransomware Attack

Prima Pediatrics has discovered some of its computer systems have been compromised and malware was installed that “rendered a few of our computer systems inoperable and the data stored on those systems inaccessible.”

Prima Pediatrics said most of the data on the affected computers is thought to have been encrypted at the time of the attack, and there have been no reports of improper use of patient data. The investigation uncovered no evidence to suggest any patient data was exfiltrated by the attackers. Protected health information stored on the affected systems included names, diagnoses and medical conditions, and medical histories.

All patients potentially affected by the incident have been notified and advised to monitor their accounts and explanation of benefits statements for any sign of fraudulent activity. Prima Pediatrics will be assessing and modifying its privacy and data security policies and procedures to prevent similar situations from occurring in the future.

Hoya Optical Labs Ransomware Attack Affects More Than 3,000 Patients

Hoya Optical Labs has started notifying some of its patients about a ransomware attack in which some of their protected health information may have been compromised.

Hoya Optical Labs, which is based in Japan, said only its U.S. systems were affected. The attack is believed to have been conducted by a cybercriminal organization known as Astro Team, which claimed on its blog that around 300 GB of data were stolen prior to file encryption. Some of that data has been leaked online.

The ransomware attack was detected by Hoya Optical Labs on April 5, 2021, with its systems initially breached on March 15, 2021. A total of 3,259 patients have been affected, with the following types of data stolen in the attack: names, addresses, phone numbers, Social Security numbers, medical information, driver’s license numbers, payroll information, and usernames and passwords to financial accounts.

The attack was reported to law enforcement and affected individuals have been notified. Steps have been taken to improve system security and governance practices and ongoing monitoring will be enhanced to help prevent any future attacks.

Penn Foundation Reports February 2021 Ransomware Attack

Penn Foundation, a West Rockhill Township, PA-based nonprofit provider of behavioral health and substance abuse services, has been hit with a ransomware attack in which client data may have been stolen.

The cyberattack was identified on February 10, 2021, when employees were prevented from accessing their computers. A third-party cybersecurity firm was engaged to assist with the investigation and remediation of the attack and confirmed that files containing client information may have been exfiltrated prior to the use of ransomware to encrypt files.

A review of the compromised systems showed they contained the protected health information of clients, but it is currently unclear how many of the healthcare provider’s 17,197 clients have been affected. Penn Foundation said the ransom was not paid.

Minnesota Community Care Affected by Netgain Ransomware Attack

St. Paul, MN-based Minnesota Community Care (MCC) is one of the latest healthcare providers to announce that it was affected by the November 2020 ransomware attack on the cloud-based IT service provider Netgain Technologies. Netgain detected the attack on November 24, 2020, and notified MCC on February 25, 2021, that some of its data files had been accessed and exfiltrated in the attack.

MCC reviewed the data files and confirmed on April 30, 2021, that the files contained the personal and protected health information of 64,855 patients. The compromised data included full names with one or more of the following types of data:

Social Security number; driver’s license number; government identification number; date of birth; credit card/debit card; account password/PIN/CVN/access code/expiration date for credit card/debit card; diagnosis/diagnosis code; medical history/condition/treatment/hospital unit/physician name/date of service; medical record number; patient account number; Medicare/Medicaid number; health insurance policy number; username/email address and password for financial electronic account; and/or username/email address and password for non-financial electronic account.

There have been no reported cases of misuse of patient data. Affected individuals were notified on June 8, 2021, and individuals whose Social Security number was compromised have been offered a complimentary one-year membership to Experian’s credit monitoring service.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.