Roundup of Recent Healthcare Data Breaches
A roundup of healthcare data breaches and security incidents recently reported to the HHS’ Office for Civil Rights and by media.
Texas Network of Walk-in Clinics Attacked with Maze Ransomware
AffordaCare Urgent Care Clinic, a network of walk-in clinics in Texas, has been attacked by the Maze ransomware gang. According to a recent report on DataBreaches.net, the hackers stole 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom.
The published data included patient contact details, medical histories, diagnoses, billing information, health insurance information, and employee payroll data. It is currently unclear how many patients have been affected as the breach has not yet appeared on the HHS’ Office for Civil Rights breach portal.
Tandem Diabetes Care Patients Notified About Phishing Attack
Tandem Diabetes Care, Inc. in San Diego, CA has been targeted by cybercriminals who gained access to the email accounts of a limited number of its employees between January 17, 2020 and January 20, 2020. The attack was discovered on January 17, 2020 and a cybersecurity firm was engaged to assist with the investigation.
An analysis of the compromised accounts revealed they contained patients’ names, contact information, clinical information related to diabetes care, and information about customers’ use of Tandem’s products and services. A limited number of Social Security numbers may also have been compromised.
Tandem is enhancing its email security controls, strengthening user authorization and authentication, and has changed its policies and procedures to limit the types of data that can be sent via email. Affected patients were notified about the breach on March 17, 2020.
The HHS’ Office for Civil Rights breach portal indicates 140,781 patients have been affected by the breach.
Foundation Medicine Email Account Breach Detected
The Cambridge, MA-based provider of genomic profiling services, Foundation Medicine, has discovered the email account of an employee has been compromised as a result of a response to a phishing email.
The incident was discovered on January 14, 2020. A third-party forensics firm was engaged to conduct an investigation and determined the email account was accessible between December 17, 2019 and January 14, 2020. During that time, an unauthorized individual potentially accessed patient information in the email account which included patient names, dates of birth, ages, test names, ordering physicians’ names, and FMI ID numbers.
Foundation Medicine has notified all affected patients and additional security awareness training has been provided to the workforce.
Randleman Eye Center Suffers Ransomware Attack
Randleman Eye Center in North Carolina has experienced a ransomware attack that affected a server containing patients’ protected health information. The attack was detected on January 13, 2020 and a third-party computer forensics firm was retained to assist with the investigation.
The investigation is ongoing, but the investigators have determined patient information was encrypted in the attack and could potentially have been accessed by the attackers. The server contained, names, dates of birth, genders, and digital retinal images.
Randleman Eye Center has notified affected patients and will be taking steps to improve security to prevent similar attacks in the future. The OCR breach report indicates 19,556 patients have been affected.
Torrance Memorial Medical Center Discovers Exposure of Patients’ Radiology Images
Torrance Memorial Medical Center (TMMC) in California has discovered a server used by a third-party radiology vendor had security protections removed that allowed certain patient information to be accessed by unauthorized individuals.
TMMC was notified about the potential data breach by its radiology vendor on January 6, 2020. The investigation revealed protections were accidentally removed on June 20, 2019 and the server could be accessed by unauthorized individuals up to December 13, 2020.
The risk to each patient is believed to be low, as radiology images were only stored on the server for a short period of time. Every 24 hours, images on the server are automatically deleted. However, over the course of 6 months, the server temporarily stored the medical images of 3,448 patients. Those radiology images included names, dates of birth, gender, accession number, medical record number, and referring physician names.
Even though the risk to patients is believed to be low, TMMC has offered complimentary identity theft protection services to all affected patients.
PHI of 2,190 Patients Stolen in Burglary at California Dental Practice
On January 16, 2020, Genuine Dental Care in Saratoga, CA discovered thieves had broken into its offices and had stolen a server that contained the protected health information of 2,190 patients. Data on the server required multiple passwords to be entered in order for patient information to be accessed; however, it is possible that the thieves accessed patient data.
Patient information stored on the server included names, addresses, telephone numbers, Social Security numbers, drivers’ license numbers, health insurance information, dental records, and some financial information including credit card numbers. Genuine Dental Care also reports that medical images of certain patients that received dental treatment between June 2019 and January 2020 have been permanently lost.
The incident was reported to the San Jose Police Department, which is conducting an investigation. Genuine Dental Care has taken steps to improve physical security and additional technical controls have been implemented to further protect patient data.