Getty Images/iStockphoto

Allergy Partners: Data Stolen During Ransomware Attack, EHR Outage

After a ransomware attack and EHR outage in February, Allergy Partners found the actors exfiltrated data; more data theft, a server misconfiguration, and PACS exposure complete this week’s breach roundup.

Following reports of a ransomware attack and subsequent EHR outage at Allergy Partners in February, the North Carolina specialist is notifying an undisclosed number of patients that their data was exfiltrated during the security event.

As previously reported in March, the FBI was tasked with investigating a cyberattack on Allergy Partners that began on February 23 and lasted for eight days. The attackers demanded a $1.75 million ransom to release the encrypted data, while some appointments were delayed at two care sites.

An outside investigator was hired to investigate, and according to a recent release, the attackers first gained access to the network on January 12, several weeks before deploying the ransomware. During the hack, the threat actors deployed malware and stole some data from the network.

The investigation is ongoing, but officials said they’ve determined that some of the stolen documents contained patient information, like names, contact details, health insurance information, driver’s licenses, Social Security numbers, financial account data, and or clinical information.

Patients will receive direct notifications on just what data was compromised during the attack, once the investigation concludes.

Woodholme Gastroenterology Network Hack Leads to Data Theft

Maryland-based Woodholme Gastroenterology recently notified 50,000 patients that their data was accessed and potentially stolen, after threat hackers hacked into its network in February.

The incident was first discovered on March 1, but the attackers hacked into the system a few days earlier on February 25.

After a review, officials determined that the stolen data include patient information, such as names, dates of birth, contact details, diagnoses, treatments, and patient identification numbers. 

For some patients, the impacted information included SSNs, driver’s licenses, and or health data. Those individuals will receive free complimentary credit monitoring and identity protection services.

Woodholme is currently taking steps to enhance the security of its systems and information.

Middletown Medical Imaging PACS Exploit

The data of nearly 30,000 patients of Middletown Medical Imaging in Florida was exposed, after a hacker gained access to its Picture Archiving and Communication Systems (PACS). The specialist changed ownership in December 2020. 

In March, officials discovered that unauthorized access to its PACS server began in late August 26, 2019. An investigation was launched to assess the cause of the exposure, as well as the needed steps for ensuring the security of the system.

The analysis found a vulnerable port in the PACS server, which enabled unauthorized actors to access the information stored within it. Officials said they confirmed the unauthorized access was terminated by February 23.

The exposed information included a range of data that varied by patient and could include: radiology exams or study descriptions assigned by MMI, radiology exam IDs, provider names, and modality types.

Officials said they confirmed that no contact information, radiographic images, medical records or reports, SSNs, insurance data, or financial information was exposed during the incident.

MMI responded to the incident by implementing updated technology and systems security, while continuing to provide employees with HIPAA privacy and security training.

PACS vulnerabilities are highly common in the US healthcare sector. In November, an exclusive HealthITSecurity.com report with Dirk Schrader, Global Vice President at New Net Technologies (NNT), detailed how these critical flaws are exposing millions of medical images.

The report followed up on a 2019 ProPublica report detailing the security risks posed by PACS, including inherent flaws in the DICOM protocol, the message standard used for electronic communications of diagnostic and therapeutic images.

California Provider’s Network Hack Causes Potential Data Theft

The data belonging to 29,030 patients of California-based St. John's Well Child and Family Center was accessed and potentially stolen in February after an unauthorized individual gained access to the network.

While the provided details sound like a ransomware attack, officials called the event a data security incident that disrupted access to certain systems. Upon discovery, the security team took steps to secure the network, then launched an investigation.

The system review found that the threat actors accessed or acquired both personal and health information during the incident. The data included names, genders, dates of birth, contact details, patient and personal identification numbers, treatments, diagnostics, and or insurance data. For one patient, their SSN was compromised.

The incident was reported to the FBI, and officials said they’ve since implemented additional security features to prevent a recurrence.

Arizona Asthma and Allergy Institute Misconfiguration 

A misconfigured network server led to the potential exposure of data from 50,000 patients of Arizona Asthma and Allergy Institute.

The notice does not detail when the incident was discovered, nor the platform or tech that led to the compromise. Instead, officials said “data was made publicly available under the name of a different organization for a brief period in September 2020, and [it] may have included Institute data.” 

Led with support from a third-party forensics security firm, an investigation found the exposed data included some information from patients who received care between October 1, 2015 and June 15, 2020. 

The personal information included patient names in combination with an identification number, provide name, health insurance information, and treatment costs. Officials said they’ve since taken steps to enhance their security measures.

Next Steps

Dig Deeper on Healthcare data breaches