Jul 21 2018

Between May 23 and 24, 2018, NorthStar learned of an email phishing campaign that resulted in the compromise of certain employees’ email credentials.  NorthStar immediately took steps to respond and commenced an investigation to determine the nature and scope of the incident, as well as determine what information may be affected.  The investigation included working with third party forensic investigators.  Through the investigation, NorthStar determined that an unauthorized actor(s) gained access to certain employee email accounts between April 3 and May 24, 2018.  The investigation also determined that the emails affected by this incident contained personal information.  While the information potentially affected varies by individual, NorthStar’s investigation determined that the information that may have been affected includes name, date of birth, health insurance application or claims information, health insurance policy or subscriber number, health information, IRS identity protection number, taxpayer identification number, medical history information, treatment and diagnosis information, and medical record number.  For certain individuals, this incident may have also affected Social Security number.

The confidentiality, privacy, and security of information in our care is one of our highest priorities. Upon learning of the email phishing event, we commenced an investigation to confirm the nature and scope of the incident and identify any individuals who may be affected. We have been working, with the assistance of third party forensic investigators, to identify and notify potentially impacted individuals. While we have security measures in place to protect information in our care, we are also implementing additional safeguards to protect the security of information.

NorthStar is mailing notice letters to individuals who may have been affected by this incident and is offering potentially impacted individuals access to credit monitoring and identity restoration services for two (2) years at no cost. NorthStar is also encouraging potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports and explanation of benefits forms for suspicious activity. NorthStar’s notification to potentially impacted individuals includes information on obtaining a free credit report annually from each of the three major credit reporting bureaus by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 800-525-6285, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com. Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General. NorthStar has provided notice of this incident to the U.S. Department of Health and Human Services, as well as required state regulators.

NorthStar has set up a dedicated assistance line to answer questions regarding this incident. The dedicated assistance line may be reached at (888) 685-7768 (toll free), Monday through Friday from 7 am – 7 pm Central Time.

SOURCE NorthStar Anesthesia

Jul 20 2018

Lisa Wachsmuth reports:

A “cyber incident” at a Wollongong medical centre has patients concerned their records may be lost, or even illegally accessed.

GPs at Ochre Health Wollongong have been unable to access their patients’ medical records for two weeks after the incident which has still not been resolved.

A spokesperson for Ochre Health has moved to allay concerns, however it’s left patients rattled.

Read more on Illawarra Mercury.

Jul 20 2018

Elizabeth Payne reports:

A family says they are devastated and are asking for stronger protection measures to be put in place after a breach of patient records at The Ottawa Hospital.

The hospital discovered the breach during a routine privacy check earlier this year. Thirty patients have been notified that their health records were improperly accessed.

Read more on Ottawa Citizen.

Jul 20 2018

Today reports:

In the biggest and most serious cyberattack yet on Singapore, hackers last month broke into SingHealth’s IT systems to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, the authorities said on Friday (July 20).

Read more on Today.

Here is the joint press release by the Ministry of Communications and Information and Ministry of Health:



Safeguard Measures Taken, No Further Exfiltration Detected 

SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack.

2          About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. The records were not tampered with, i.e. no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.

3          Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS)[1] confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.

4          The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.


5          On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity. IHiS investigated the incident to ascertain the nature of the activity, while putting in place additional cybersecurity precautions. On 10 July 2018, investigations confirmed that it was a cyberattack, and the Ministry of Health (MOH), SingHealth and CSA were informed. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018. SingHealth lodged a police report on 12 Jul 2018. Police investigation is ongoing.

6          With heightened monitoring, further malicious activities were observed. However, no further illegal exfiltration has been detected since 4 July 2018. All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.

7          IHiS, with CSA’s support, has implemented further measures to tighten the security of SingHealth’s IT systems. These include temporarily imposing internet surfing separation. We have also placed additional controls on workstations and servers, reset user and systems accounts, and installed additional system monitoring controls. Similar measures are being put in place for IT systems across the public healthcare sector against this threat.

Investigations by CSA

8          CSA has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.

Patient Engagement

9          From today, SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018, to notify them if their data had been illegally exfiltrated. All the patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

Further Actions

10         MOH has directed IHiS to conduct a thorough review of our public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response. Areas of review will include cybersecurity policies, threat management processes, IT system controls and organisational and staff capabilities. Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.

11         The Government takes a serious view of any cyberattack, illegal access of data or action that compromises the confidentiality of data in Singapore.  The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident.

[1] Integrated Health Information Systems (IHiS) is the technology agency for the public healthcare sector. It runs the public healthcare institutions’ IT systems.

Jul 19 2018

Slater Teague reports:

Ballad Health says an employee has been fired for accessing patients’ records without an appropriate reason to do so.

The health system says it learned of the data breach on May 28.

According to Ballad, the former employee viewed patients’ records, accessing both demographic and clinical information.

Read more on WJHL.