Share this article on:
Sonoma Valley Hospital in California experienced a computer security incident on October 11, 2020 which took its computer systems offline and caused “a significant downtime event.”
The hospital implemented its business continuity plan which allowed care to continue to be provided to patients while its computer systems were out of action. Throughout the incident its emergency department remained open and elective and necessary surgeries continued to be performed. The majority of diagnostic services continued without interruption, although the incident did cause disruption for some patients. The patient portal has remained available throughout, although new results have not been posted since October 11.
An investigation into the incident was immediately launched and third-party cybersecurity experts were engaged to assist with the investigation and recovery efforts. In a December 8, 2020 letter to patients, the hospital explained that patient data may have been compromised during the attack. The letter confirms ransomware was used to encrypt files in an attempt to extort money from the hospital. The attack is believed to have been conducted by a Russian threat actor, and was part of a broader campaign targeting many hospitals in the United States.
Sonoma Valley Hospital confirmed the attack was detected the same day it occurred and steps were immediately taken to expel the attackers from the network. The hospital was able to recover encrypted data from backups without paying the ransom demand; however, it was not possible to rule out unauthorized access to the protected health information of approximately 67,000 patients.
The types of information potentially accessed includes names, addresses, birthdates, insurer group numbers and subscriber numbers, diagnosis or procedure codes, dates of service, place of service, amount of claims, and secondary payer information. Individuals who received imaging services and individuals who received a service that resulted in a grievance, appeal, or quality review, may have had additional medical record data exposed, such as imaging tests or other health information.
There have been no reported cases of misuse of patient information.
Lycoming-Clinton Joinder Board Uncovers Further Data Breach
Lycoming-Clinton Joinder Board (LCJB), which runs programs providing services to individuals with mental illness or intellectual disabilities in Lycoming and Clinton Counties in Pennsylvania, is alerting 14,500 patients that some of their protected health information has potentially been compromised.
On August 10, 2020, while investigating an earlier data breach, LCJB discovered the email accounts of three employees had been accessed by an unauthorized individual. An analysis of the email accounts confirmed they contained patient information, but it was not possible to determine if any information in the accounts had been viewed or obtained by unauthorized individuals.
Information in the accounts varied from patient to patient and may have included names, addresses, dates of birth, medical record numbers, health insurance numbers, medical histories (including diagnoses, substance abuse, lab tests and results, mental or physical health evaluations, and treatment or provider information), costs of care, or circumstances of abuse. A limited number of Social Security numbers were also exposed.
The investigation confirmed the three email accounts were intermittently accessed by an unauthorized individual between August 5, 2020 and August 10, 2020. The earlier breach, which was discovered on June 23, 2020, was also an email security incident, which affected two employee email accounts. Those accounts were accessed by an unauthorized individual between June 19, 2020 and June 23, 2020 and contained the records of 3,905 patients. While there were similarities between both incidents, it was not possible to tell if the same individual was responsible.
In response to the incidents, LCJB has taken several steps to improve email security, including increasing password complexity, implementing 2-factor authentication for remote access, restricting access to systems to users within the United States, and enhancing its cybersecurity training program for staff members. Policies and procedures have also been developed and implemented that require personal information to be securely deleted regularly from the email system and the network.
1,700 Patients of Coast Dental Notified About Possible Theft of PHI
Tampa, Florida-based Coast Dental has started notifying 1,700 patients that records containing their protected health information are missing and have potentially been stolen.
A moving truck containing equipment and patient records was stolen from a parking lot in Atlanta, GA during the night of 6/7 August 2020. The theft was reported to the police department and the truck was recovered and impounded the following day. The truck was locked to secure the contents until the vehicle was released by the police department. An inventory of the contents of the truck was conducted between August 26-28, 2020 which revealed patient records were missing.
On October 13, 2020, notification letters were sent to all patients whose records may have been stolen and, out of an abundance of caution, patients whose Social Security number was potentially compromised have been offered complimentary credit monitoring services.
In response to the incident, Coast Dental has re-educated its workforce and has refined processes to better secure patient information.