Jun 182019

And yet another ransomware incident. They do not disclose the number of patients who were notified about this. Of note, sounds like their recovery was pretty smooth because they were prepared.

BOSTON, June 18, 2019 /PRNewswire/ — Tenx Systems, LLC d/b/a ResiDex Software (“ResiDex”) specializes in providing software for assisted living homes, group homes, and organizations providing care for the elderly or disabled, including Youville House, Youville Place and Wingate Healthcare (collectively “the Facilities”).  ResiDex recently identified and addressed a security incident that may have involved personal information and/or protected health information of the current, former or prospective residents and/or staff members of the Facilities.  ResiDex began providing notice on June 7, 2019 to all individuals potentially impacted by this incident.  This release describes the incident, outlines measures that ResiDex has taken in response, and advises potentially impacted individuals on steps that they may take to further protect their information.

On April 9, 2019, ResiDex became aware of a data security incident, including ransomware, which impacted our server infrastructure and took our systems offline.  ResiDex immediately undertook efforts to restore its servers to a new hosting provider.  Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day.  Additionally, ResiDex took affirmative steps to further safeguard its software systems.  ResiDex simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.

The forensic investigation was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions.  The investigation did determine that first access to ResiDex’s systems occurred on approximately April 2, 2019, with the ransomware launched on April 9, 2019.

The data security incident may have resulted in unauthorized access to protected health information, including medical records that existed on ResiDex’s software as of April 9, 2019, and/or personal information including names and social security numbers.  Please note that it is entirely possible that any one individual who is/was a current, former or prospective resident or staff member of the Facilities did not have their personal information and/or protected health information compromised as a result of the incident.  Nonetheless, notification has been provided to all potentially impacted individuals in an abundance of caution.

Individuals who have received a notification or who believe that they may have potentially been impacted by this incident are invited to contact (877) 347-0184 between 9:00 a.m. and 9:00 p.m. Eastern Standard Time, Monday through Friday.  ResiDex and the Facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.

SOURCE Tenx Systems, LLC d/b/a ResiDex Software

Jun 182019

Maryland-based Capitol Cardiology Associates (CCA) and Southern Maryland Medical Group (SMMG) are notifying patients because of an incident involving a third-party vendor/business associate.

According to their notification letters, on March 14, Meditab Software, Inc. became aware of a potential breach involving protected health information (phi). The breach may have included patients’ medical records or visit notes (diagnosis and treatment), patient names, addresses, dates of birth, and phone numbers.

Meditab reportedly identified the duration of the potential data breach to be between January 9, 2019 and March 14, 2019.  Meditab also explained how the incident occurred. As described by CCA and SMMG:

Meditab has notified us that the incident involving PHI was an issue with a certain portal that allowed Meditab to view statistics for its Fax Cloud services.  This analytics platform maintained statistics on all faxes sent but did not have any images directly on the server.  However, as the fax was being transmitted, a link to the fax image on a separate and secure server was temporarily available until the fax sent confirmation was received.  Once the fax was sent, this link was no longer active.  This portal was intended for Meditab use, only, and initially was deployed with username/password authentication in place.  However, on January 9, 2019, this authentication was removed without authorization by one of Meditab’s programmers.

Meditab reportedly found that a limited number of faxes were discoverable until the time the incident was reported.

The entities somewhat understandably view this incident as resulting in a low risk of any harm to patients, further explaining:

While the analytics portal was not searchable or crawlable on any search engines, if the portal was found, any faxes that were discoverable would have to be accessed individually in a separate window in order to download or print.

Both entities have posted copies of their notification letters on their web sites and have reported the incident to HHS.  CCA is notifying 1980 patients, while SMMG is notifying 1400 of its patients.

DataBreaches.net contacted Meditab Software to inquire as to how many other clients or how many patients, total, have been notified of this incident, but did not receive an immediate response.

Jun 182019

Somendranath Sharma reports:

Confidential data entrusted to a Bhayandar-based Business Process Outsourcing (BPO) company by a New York-based company was compromised recently. This has led to a police investigation, and the corporate espionage angle is also being probed.

The BPO company registered an FIR stating that email addresses of the New York-based debt recovery company, which were used to communicate with clients, were illegally accessed from outside the BPO. One of the email IDs was allegedly accessed by a rival company in Thane.

Read more on Mumbai Mirror.

In light of recent news about a breach involving the New York-based medical collection agency Retrieval-Masters Creditors Bureau Inc. (dba American Medical Collection Agency), DataBreaches.net reached out to Epicenter Technology to inquiry about the identity of the NY firm, but has received no response as yet. DataBreaches.net has also sent an email inquiry to the law firm representing Retrieval-Masters to ask them if this report out of India is in any way connected.

This could all be a coincidence, of course, but a NY collection agency being mentioned seems like quite a coincidence. If any response is received, I will update this post.

Jun 182019

Bob Clark reports:

Hackers attempting to ransom the computer systems at Olean Medical Group on Friday did not access records for 40,000 patients, group officials reported Monday.

In a faxed press release sent Monday, OMG officials noted the group is still seeing patients, even if charting is being completed by pen and paper instead of computer as the group recovers from the attack.

A similar situation appears to exist with the Seneca Nation Health System, with OMG officials reporting it is the same type of attack they experienced. The SNHS website also reported the computer system is down.

Read more on Olean Times Herald.  The notice on SNHS’s site says that no patient information has been compromised, which does sound like a ransomware incident if no data was accessed but was locked up.

Jun 182019

Matt Dathan reports:

The site containing bills currently before Parliament was showing private folders not meant for publication.

One Twitter user said they had found passwords had leaked online too.

A Parliamentary spokesman said it was looking into the reports but said it had not found any evidence that confidential parliamentary data had been breached.

Read more on The Sun.