Network Outages, Healthcare Cyberattacks Ramp Up as Holidays Approach
A healthcare cyberattack resulted in PHI exposure Texas ENT Specialists, and Missouri-based Capital Region Medical Center’s systems remain down after a network outage.
Healthcare cyberattacks and network outages are not slowing down as the end of the year approaches. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI released a statement in November warning US critical infrastructure entities to remain vigilant against cyber threats and ransomware during the upcoming holiday season.
“CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you,” the statement warned.
The warnings were founded, as cyberattacks continue to plague the healthcare sector amid a COVID-19 surge.
Texas ENT Specialists Breach Impacts 535K
An unauthorized party gained access to Texas ENT Specialists’ network between August 9 and August 15, 2021, the practice explained in a public notice. Texas ENT learned of the incident on October 19 and later reported to HHS that the breach had impacted 535,489 individuals.
With the help of a third-party cybersecurity firm, Texas ENT confirmed that the unauthorized party took copies of files containing patient names, birth dates, procedure codes, and medical record numbers. Some files also contained Social Security numbers. The breach did not impact Texas ENT’s electronic medical records system.
Texas ENT said that it sent letters to impacted patients on December 10, 2021. For patients whose Social Security numbers were exposed, the practice is offering free identity monitoring services.
“We take patient privacy very seriously and we regret any inconvenience this incident may cause our patients and their families,” the notice stated.
“To help prevent something like this from happening again, we are further strengthening our existing privacy and information security program by implementing additional safeguards and technical security measures to protect and monitor our systems.”
Capital Region Medical Center Suffers Network Outage
Missouri-based Capital Region Medical Center (CRMC) is suffering a system-wide network outage that began on December 17, according to the center’s Facebook page.
“CRMC is experiencing a system-wide network outage which is impacting the phone and computer systems. We are working to remedy the situation as soon as possible,” the Jefferson City medical center explained in the post.
“We apologize for this inconvenience. We are working diligently to get our systems functioning properly.”
A spokesperson for the hospital said that CRMC chose to take the network down as a precaution to allow its IT team to evaluate the situation, according to KMIZ.
There have been no additional updates since the morning of December 17.
Maryland Department of Health Continues Recovery After Network Security Incident
The Maryland Department of Health (MDH) website was pushed offline over the December 4 weekend after a network security incident. Weeks later, the department is still recovering. At this time, the health department has not indicated that any data has been compromised.
On December 20, the Maryland Department of Health resumed data reporting on its COVID-19 dashboard for the first time in two weeks, CBS Baltimore reported. The health department is also actively posting updates on the incident on its website.
“The state’s chief information security officer stood up an incident command structure with a focus on protecting the MDH network, conducting a forensic investigation, and restoring core services,” the website states.
“Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected. There continues to be no evidence that any data was compromised.”
MDH said it is being “methodical and deliberate” in its restoration process in order to avoid additional damage.
DNA Diagnostics Center Breach Impacts 2.1 Million
DNA Diagnostics Center (DDC), which collects DNA at 3,660 US locations and more across Canada and the UK, suffered a data breach that impacted more than 2.1 million individuals, according to documents from the Maine attorney general’s office.
DDC discovered the breach on August 6, 2021. Between May 24 and July 28, an unauthorized party accessed and acquired an archived database that contained personal information collected between 2004 and 2012.
“The impacted database was associated with a national genetic testing organization system that DDC acquired in 2012. This system has never been used in DDC’s operations and has not been active since 2012,” the center explained in a statement.
“Therefore, impacts from this incident are not associated with DDC. However, impacted individuals may have had their information, such as Social Security number or payment information, impacted as a result.”
DDC concluded its investigation on October 29 and began notifying impacted individuals.
“DDC has taken steps, in coordination with its third-party cybersecurity experts, to regain possession of this personal information and ensure its safekeeping. DDC is not aware of any reports of identity fraud or improper use of the information,” the statement continued.
DDC is offering free credit monitoring for impacted individuals.