Flavijus Piliponis â stock.ado

Baton Rouge General Confirms Healthcare Data Breach

Baton Rouge-based General Health System confirmed that an unauthorized party accessed its network in June, resulting in a healthcare data breach.

Baton Rouge-based General Health System (GHS) confirmed a healthcare data breach that occurred in June, a notice on its website stated. GHS operates more than 20 clinics and medical facilities in the Baton Rouge area.

In late June, WAFB reported that the Louisiana hospital had temporarily reverted to recording patient records on paper until it could safely bring its EMR and other patient systems back online.

In a notice posted recently on its website, GHS confirmed that it experienced a cyber incident beginning on June 28. Further investigation revealed that an unauthorized party had accessed certain directories within its network between June 24 and June 29.

“GHS is currently undertaking a comprehensive review of the contents of the directories determined to be at risk to assess what sensitive information was contained within them and to whom the information related,” the notice stated.

“This review is ongoing and once completed, GHS intends to notify the potentially affected individuals via mailed notification letters. If your data is impacted, the letter you receive will state what information related to you could have been accessed.”

Overlake Medical Center & Clinics Suffers Email Security Incident

Overlake Medical Center & Clinics in Seattle, Washington notified 557 individuals of an email security incident involving some patient information. On June 14, Overlake learned that an unauthorized party had obtained the login credentials for a staff member’s email account.

Overlake was able to quickly respond to the incident and secured the account within hours. However, the unauthorized party potentially accessed some information stored in the account between June 13 and June 14.

The email account contained patient names, birth dates, patient account numbers, medical record numbers, health insurance information, dates of service, treatment cost information, and limited health information related to billing. Overlake said that there was no indication that the information had been misused.

“We sincerely regret any concern this incident may cause. Overlake has a robust information security program that strives to always protect the privacy and security of our patients’ and employees’ information,” the notice stated.

“Overlake has and will continue to take steps to mitigate this incident and help prevent something like this from happening again, including continuing comprehensive training for staff members.”

EmergeOrtho Discloses Ransomware Attack

EmergeOrtho, which has more than 45 outpatient offices throughout North Carolina, recently disclosed a May 2022 cyberattack. On May 18, EmergeOrtho “detected and stopped a sophisticated ransomware attack,” a notice on its website explained.

An unauthorized party managed to access some of EmergeOrtho’s computer systems. The potentially exposed information included patient names, and addresses, along with some treatment information, financial information, birth dates, and Social Security numbers.

EmergeOrtho has not discovered any instances of fraud or identity theft as a result of the incident but encouraged impacted individuals to remain vigilant. The attack largely impacted individuals located on the Coastal region, but it was unclear how many individuals were impacted at the time of publication.

“Data security is one of EmergeOrtho’s highest priorities. Upon detecting this incident, we moved quickly to initiate a response, which included retaining a leading forensic investigation firm who assisted in conducting an investigation along with the assistance of leading IT specialists to confirm the security of our network environment,” EmergeOrtho stated.

“Additionally, we are coordinating with the FBI. We have also deployed additional monitoring tools and will continue to enhance the security of our systems.”

Next Steps

Dig Deeper on Healthcare data breaches