Weiser Memorial Hospital Investigating Cyberattack
Weiser Memorial Hospital in Idaho recently experienced a cyber incident and is investigating claims that a cybercriminal group stole data in the attack. It is unclear exactly when the attack occurred. The notice about the cyberattack was added to the hospital’s Facebook page on September 5, 2024, and the post was updated on September 17, 2024, confirming that the hospital is still working on restoring full functionality to its systems.
Weiser Memorial Hospital did not name the group behind the attack, but this appears to have been an attack by the Embargo ransomware group. Embargo is a relatively new ransomware-as-a-service group that emerged earlier this year. The group is known to engage in double extortion, stealing data from victims before encrypting files with ransomware. At this stage of the investigation, it is unclear to what extent patient data was involved. Weiser Memorial Hospital said it is currently researching to determine if the group’s claims are factual. If data has been stolen, notification letters will be mailed to the affected individuals. In the meantime, steps are being taken to improve cybersecurity to prevent similar incidents in the future. Weiser Memorial Hospital said further information about the incident will be released as the investigation progresses.
Asheville Arthritis and Osteoporosis Center, North Carolina
Asheville Arthritis and Osteoporosis Center in North Carolina has confirmed that the protected health information of 58,251 patients was compromised in a recent cybersecurity incident. The attack occurred on or around May 22, 2024, and third-party cybersecurity experts have been helping to investigate the incident and determine the scope and extent of unauthorized access to its systems and personal information.
It has now been confirmed that the parts of the systems accessible to the attackers contained protected health information such as names, addresses, dates of birth, telephone numbers, Social Security numbers, and medical information, including medical notes, lab results, diagnoses, and health insurance information. While data has been exposed, Asheville Arthritis said it has no reason to believe that any of the impacted information has been misused; however, as a precaution, the affected individuals have been offered complimentary credit monitoring services and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
California Department of Social Services
The California Department of Social Services (CDSS) has discovered unauthorized access to its ebtEDGE Web Admin platform, a system used to track benefits for public programs. According to a notification to the California Attorney General, there was unauthorized access to children’s data related to the Sun Bucks Program.
CDSS said employees of a contractor hired to operate the Sun Bucks call center improperly accessed case information in the system. When the unauthorized access was detected, the employees responsible had their access terminated and the matter was reported to the appropriate authorities. The information that may have been viewed included children’s names, mailing addresses, dates of birth, car numbers, and EBT account numbers.
Individuals whose benefits were compromised will be compensated for any lost benefits and new cards will be mailed to those individuals in October. CDSS and its contractor have both taken steps to minimize the risk of similar incidents in the future. It is currently unclear how many individuals have been affected.
