Tenet Healthcare Investigating Cybersecurity Incident

Dallas, Texas-based Tenet Healthcare is investigating a cybersecurity incident that temporarily disrupted some of its acute care operations.

Tenet Healthcare is investigating a cybersecurity incident that occurred at an unspecified time during the week of April 18, a press release stated. The Dallas, Texas-based health system, which consists of 60 hospitals and 550 outpatient centers, said it immediately suspended user access to impacted IT applications upon discovery of the incident.

In addition, Tenet said it immediately executed its cybersecurity protection protocols and took steps to restrict additional unauthorized network activity.

While it worked to contain the incident, Tenet said it experienced temporary disruptions to “a subset of acute care operations.” However, the health system assured patients that its hospitals remained operational and were able to effectively deliver care using backup processes.

“At this time, critical applications have largely been restored and the subset of impacted facilities has begun to resume normal operations,” the press release continued.

“In parallel, the Company immediately launched an investigation of the incident, which is currently ongoing. The Company is taking additional measures to protect patient, employee and other data, as appropriate, in response to this incident.”

Two Laptops Stolen at Georgia Pines CSB

Two laptops were stolen at Georgia Pines Community Service Board (CSB), a notice on the mental health service provider’s website stated. The laptops contained the protected health information (PHI) of 24,000 individuals.

On April 7, Georgia Pines discovered that a physical break-in had occurred overnight. Although there has been no indication that the information has been accessed or used by an unauthorized individual, the laptops did contain names, medical records, Social Security numbers, and addresses.

“At Georgia Pines Community Service Board, we take every reasonable measure to ensure personal information is maintained in a confidential manner,” the notice stated.

“We also recommend you take reasonable precautions by reviewing all your accounts and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. Additionally, you should report any fraudulent activity or any suspected incident of identity theft to the proper law enforcement agency.”

Georgia Pines CSB said it was working closely with law enforcement to find the party responsible for the theft and prevent future incidents.

Humana-owned company reports Laptop Theft

One Homecare Solutions, also known as onehome, a provider of home-based healthcare, disclosed that two company laptops were stolen from an employee’s home. Humana acquired onehome in June 2021.

Onehome discovered the incident on March 3 and said that the employee immediately reported the theft to the police.

Full Social Security numbers and financial information were not involved in the incident, but the names, addresses, health insurance identification numbers, medical information, last four digits of Social Security numbers, and phone numbers of 15,000 patients across Florida were potentially impacted.

The provider offered identity theft protection services to all patients whose partial Social Security numbers were involved in the data security incident.

“One Homecare Solutions is advising notified patients to remain vigilant by reviewing documents for suspicious activity, including health insurance statements, medical records, account statements and credit reports,” onehome advised.

“If patients find unfamiliar activity on any health insurance statements they receive, they should notify their health insurance company immediately. If they see suspicious activity on their credit report, they should call their local police office to file a report for identity theft.”

ARcare Discloses Data Privacy Incident

In early April, ARcare concluded its investigation into a recent healthcare data breach that potentially exposed medical information. ARcare, which offers medical services across Arkansas, Mississippi, and Kentucky, said that an unauthorized actor had access to its computer systems between January 18 and February 24, 2022.

ARcare said that the incident involved a “malware infection that impacted its computer systems and caused a temporary disruption to services.”

No misuse has been reported, but the accessed information included names, Social Security numbers, driver’s license numbers, prescription information, medical diagnoses, health insurance information, birth dates, financial account information, and names.

“ARcare treats its duty to safeguard information as an utmost priority. ARcare responded immediately to this incident and worked diligently to provide potentially affected individuals with accurate and complete notice of the incident as soon as possible,” the notice explained.

“With the assistance of third-party specialists, ARcare also took steps to enhance the security of its systems. As part of ARcare's ongoing commitment to the privacy and security of information in its care, ARcare is reviewing existing policies and procedures and implementing internal training protocols to mitigate any risk associated with this incident and to better prevent future incidents.”

Next Steps

Dig Deeper on Healthcare data breaches