Data of 3.3M 20/20 Hearing Care Patients Hacked From Cloud Database

The 20/20 Hearing Care Network found an actor hacked into its AWS cloud database and deleted patient data; ransomware, a system hack, yet another Netgain breach victim, and a data security incident complete this week’s breach roundup.

Nearly 3.3 million patients from the 20/20 Hearing Care Network were recently notified that their information was accessed and possibly deleted, after an actor hacked into the provider’s Amazon Web Services cloud storage bucket and downloaded or destroyed data.

On January 11, 20/20 was alerted to suspicious activity in its cloud storage environment. The security team quickly moved to secure the impacted systems and launched an investigation. Officials said they also engaged with law enforcement, the FBI, and an outside security firm.

The investigation could not conclusively determine what information was accessed or removed from its systems, just that the attacker accessed or downloaded certain information before deleting it completely from the system.

The compromised data varied by patient but could include names, Social Security numbers, dates of birth, member identification numbers, and/or health insurance details. All impacted patients will receive free credit monitoring and identity theft assistance and insurance.

The provider analyzed its member database and its health plan partners to identify the individuals who could be impacted by the security incident and validate relevant database records, as well as to obtain missing information needed to notify the patients.

Law enforcement is continuing to investigate the breach. And 20/20 has since reset all system passwords and is reviewing existing security procedures to bolster its cyber posture.

Ransom Paid to Return Sturdy Memorial Hospital Data

Prior to falling victim to a ransomware attack in February, Sturdy Memorial Hospital reports that the attackers first stole patient information from its network. According to its notice, a ransom was paid to the attackers “with assurances that the information acquired would not be further distributed and that it had been destroyed.”

The ransomware was deployed on February 9, which disrupted operations and its IT system. With support from a third-party forensics team, the network was secured the same day as the attack.

The subsequent investigation into the stolen data and the scope of the attack found patient information was contained in the exfiltrated data. The stolen data also involved data from previous healthcare partners involved with care coordination, including Harbor Medical Associates, South Shore Medical Center, and South Shore Physician Hospital Organization.

The affected data did not come from the hospital’s EHR, which was not impacted by the hack. But the information could have included names, contact details, dates of birth, SSNs, driver’s licenses, government IDs, financial or banking account information, credit cards, Medicare numbers, medical histories, treatments, diagnoses, and other sensitive details.

Hoboken Radiology Reports 18-Month Data Breach

An undisclosed number of Hoboken Radiology patients were recently notified that their data was compromised during an 18-month hack of its medical imaging server.

On November 3, 2020, officials said they were informed of potentially suspicious activity on its computer network. Hoboken Radiology soon determined the medical imaging server was hacked.

The investigation is ongoing, but it appears the unauthorized access occurred on multiple occasions between June 2, 2019 and December 1, 2020.

The server contained patient names, gender, dates of birth, treatments, referring provider names, patient ID numbers, accession numbers, images, and descriptions. No SSNs, payments, insurance, or financial data were stored on the affected system.

The provider is currently reviewing and bolstering its policies and procedures for personal information storage and access.

As previously reported, oft-vulnerable and improperly secured Picture Archiving and Communication Systems (PACS) used by many US health systems are routinely exposing millions of medical images. 

Data from researcher Dirk Schrader, Global Vice President at New Net Technologies (NNT), estimates that more than 180 providers are inadvertently exposing data in this way. Sutter Buttes Imaging recently reported a similar 18-month data leak caused by a PACS vulnerability.

Caravus Added to Netgain Breach Victims

Yet another provider is being added to the ongoing Netgain breach victim tally, stemming from a ransomware attack and data exfiltration incident from late 2020.

Netgain initially provided Caravus with formal notice that its data was not included in the security incident, but a recent review found that was not the case. Caravus, a health insurance broker, no longer employs Netgain for cloud services.

Caravus recently notified an undisclosed number of patients that their data was breached, as Netgain failed to destroy some of its legacy data on an older server after a 2015 data migration. The data was tied to patients who visited Caravus in or before 2016.

Hackers broke into Netgain’s network in September 2020, but officials did not discover the incident until November. Officials quickly launched an investigation and notified law enforcement, but the attackers launched a ransomware attack on December 3.

The investigation found the threat actors had stolen troves of client data prior to encrypting a subset of data on Netgain’s internal systems. The threat was contained and eradicated by January 14, 2021, with the vendor sending notice to the impacted clients soon after.

Upon learning of the incident, Caravus launched its own investigation to determine just what information Netgain retained after the server migration and the patients impacted by the compromise. The affected data varied by patient and could include names, contact details, SSNs, health information, financial account data, and/or driver’s licenses.

All individuals will be offered free credit monitoring and identity theft restoration services. Caravus is continuing to strengthen its security policies and procedures, particularly around third-party vendor management.

In total, the clients impacted by the Netgain incident include Woodcreek Provider Services, Elara Caring, Sandhills Medical Foundation, Allina Health’s Apple Valley Clinic, Health Center Partners of Southern California, San Ysidro Health, SAC Health Systems, and San Diego Family Care, among others.

Glacier Medical Data Security Incident

An unspecified number of Glacier Medical Associates’ patients are being notified that the Montana medical practice detected and stopped a data security incident on April 7, 2021.

The notice is sparse on details, including only that an investigation led with assistance from third-party forensics specialists concluded on May 10. Officials did not explain the types of data impacted, nor the type or location of the attack.
