IANS reports: New Delhi: In a startling revelation, US-based cyber security firm FireEye said on Thursday that hackers broke into a leading India-based healthcare website, stealing 68 lakh records containing patient and doctor information. Without naming the website, FireEye said cyber criminals — mostly China-based — are directly selling data stolen from healthcare organisations and web portals globally including in India in the underground markets. “In February, a bad actor that goes by the name “fallensky519″ stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials,” FireEye said in its report shared with IANS. Read more on Gulf News.
Jessica Davis reports: Healthcare organizations are increasingly being targeted with financially motivated cyberattacks by hackers attempting to gain access to valuable patient records and others sensitive information, according to FireEye researchers. While it’s been clear for some time that hackers have targeted the healthcare sector given many providers operate on outdated or unsupported systems, new FireEye research explains the motivation behind the hacks, including attempts to steal research data. Recent cyberattacks revealed that hackers are conducting focused attacks on specific targets that house or have access to troves of patient data. Other cyberattacks are more opportunistic in nature given some providers’ poorly secure networks or infrastructure, researchers explained. Read more on Health IT Security.
Frank J. Fanshawe, Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing the Department of a potential cybersecurity incident. The updated protocol is considered effective immediately from a healthcare provider’s receipt of the notice letter. Read more on Workplace Privacy, Data Management & Security Report.
Liz Freeman reports: The NCH Healthcare System is investigating a data security breach in which an unauthorized entity gained access to some employees’ email accounts, according to hospital officials. NCH became aware June 14 of suspicious activity related to its payroll system and launched an investigation. Read more on Naples Daily News. NCH’s notice on their web site does not make clear whether any of the affected employee email accounts might have held patient data. I would guess that that is still under investigation, but as of the time of this posting, there had been no statement that any patient data were impacted.
I wonder if HHS will need to take on more staff to deal with all the HIPAA breaches being disclosed this year. In July alone, this blogger logged approximately 65 reports on my worksheet, although a number of them were all reporting on a few business associate breaches. In any event, there are a lot of reports to wade through each month. Here are two more that were disclosed over the past 48 hours: Eye Care Associates describes themselves as a fully integrated regional eye care provider serving a three-county area in Northeastern Ohio. Andrea Wood of Business Journal Daily reports that they were hit by ransomware: – Eye Care Associates Inc., the largest ophthalmology and optometry practice in the region, was the victim of a ransomware attack two weeks ago that locked – and still locks – its computer systems. As of this posting, the computer system is still down, although operations should be fully restored in “the next day or two,” Mary Jo Sierra, director of operators, said Tuesday. No patient data or other sensitive information was stolen, she emphasized. Of course, “stolen” is only one risk with an attack. Were the data corrupted or made unusable which would impact patient care? In this case, the provider had a usable backup of data (good for them!), but their ability to book patient appointments for a few weeks sounded pretty impaired or compromised. Read more on Business Journal Daily. While Eye Care Associates worked on recovery in Ohio, a Minnesota dental practice has been dealing with the aftermath of some external attack that is not clearly specified in their press release (below). I could not really figure out what they were describing, but haven’t had time to call them to ask. Maybe one of the other sites that covers HIPAA breaches will get the details on this one. NORTH BRANCH, Minn.Aug. 13, 2019/PRNewswire/ — Bayview Dental (“Bayview”) recently discovered an event that may affect the security of certain patients’ personal information. This notice contains information about the incident, actions Bayview is taking in response, and suggested steps that potentially impacted patients can take to monitor their information and protect themselves against the possibility of identity theft and fraud, should they feel it is appropriate. What Happened: On May 28, 2019, Bayview became aware of unusual activity on its servers. Bayview immediately launched an investigation, with the aid of forensic experts, to determine the nature and scope of the activity. On July 4, 2019, Bayview learned that an unauthorized actor potentially had access to the servers, and through that, to certain personal information. We are unable to confirm whether the information was subject to unauthorized access, but because the possibility exists, out of an abundance of caution we provided potentially impacted individuals with notice. We are unaware of any attempted or actual misuse of the information. We also reported the incident to the relevant regulators. What Information Was Involved:Though the investigation is ongoing, Bayview has determined that the information that may have included patient names, addresses, phone numbers, dates of birth, dental insurance information, medical/dental history information and potentially Social Security numbers. We are unaware of any attempted or actual misuse of the information. What We Are Doing>:The privacy and security of patient information is of paramount importance to Bayview. Upon learning of this incident, we immediately secured the impacted servers and began working to implement additional safeguards and continue to provide training to our employees on data privacy and security. Bayview is also notifying patients who may be affected by this incident. In this notice, Bayview is offering 12 months of credit monitoring and identity restoration services through Kroll at no cost to patients. What You Can Do:Affected patients should review the notice letter they received, which contains information on what they can do to help protect themselves against the possibility of identity theft and fraud. They may also enroll in the free credit monitoring and identity theft protection services Bayview is offering. For More Information: We sincerely regret any inconvenience or concern this incident may have caused. Should you have any questions about the content of this notice or ways you can better protect yourself from the possibility of identity theft, please call 866-775-4209 between 8:00 am and 5:00 pm CT, Monday through Friday, excluding major holidays. SOURCE Bayview Dental