Getty Images/iStockphoto

Lorien Health Services Ransomware Attack Impacts 48K Patients

NetWalker ransomware hackers claim to have stolen data from Lorien Health Services before launching a cyberattack; an email error, email hack, and business associate incident complete this week’s breach roundup.

Maryland Health Services, DBA Lorien Health Services, recently reported that a June ransomware attack on its systems potentially breached the data of 47,754 patients. Lorien operates assisted living facilities in the state. 

According to several reports, the NetWalker ransomware group was behind the attack, which began targeting the healthcare sector in May. Most recently, the University of California San Francisco paid a $1.4 million ransom demand to NetWalker threat actors after they infected several servers of its School of Medicine with ransomware. 

For Lorien, the hackers allegedly stole their data before deploying the ransomware. The data was then posted for sale on the dark web after Lorien refused to pay the ransom demand, with the hackers publishing screenshots of the information allegedly stolen during the attack. 

The breach notification explained the initial attack was discovered on June 6, which encrypted some of the data. Lorien immediately launched an investigation with assistance from third-party cybersecurity experts, which determined the hackers accessed the data during the attack. 

The compromised information included resident names, Social Security numbers, dates of birth, contact details, health diagnoses, and treatment information. All patients will receive a year of free credit monitoring and identity protection services. 

The incident was reported to the FBI, and the investigation is ongoing. 

Central California Alliance for Health Email Hack 

About 35,883 patients of the Central California Alliance have been notified that their patient data was potentially compromised after a hack of its email system. 

On May 7, officials discovered that many employee email accounts were accessed by an unauthorized individual for about one hour before the issue was discovered. The compromised accounts were shut down, and a review was launched. 

Alliance found only limited health information was potentially accessed during the hack but were unable to determine which emails were opened. As a result, officials said they’re reporting all potentially compromised information, which included Alliance Care Management program records, claims data, dates of birth, demographic details, health information, referrals, and Medi-Cal ID numbers. 

Officials stressed that the email accounts did not contain Social Security numbers or financial data. 

The accounts were secured, and all employee passwords were reset, while employees received further security training. 

Business Associate Breach Impacts Physicians East

North Carolina-based Physicians East recently began notifying patients of a potential data breach, caused by a hack on a server of its business associate, Accu Copy. Accu Copy is a printing and billing statement mailing services vendor. 

In May, Accu Copy reported that a server containing some Physicians East patient data was impacted by a security event. An investigation found the hack began on April 1 and lasted for nine days before it was discovered by Accu Copy on April 10. 

A review completed in June determined the impacted server contain letters sent of Physicians East patients. The letters contained a range of personal and health information that varied by patient, such as treatments, dates of service, provider names, and amounts charged for services. 

The impacted data did not include Social Security numbers, patient medical records, credit cards, insurance policy numbers, or other financial information. 

In response, Accu Copy changed all user and administrator passwords and contracted with an outside cybersecurity firm to assist with the investigation. 

Email Error at Heartland Counseling Services

Iowa-based Heartland Counseling Services recently reported that the protected health information of more than 500 patients was likely compromised after an email error, according to local news outlet Siouxland Proud. 

On May 19, Heartland sent a mass email communication to patients. However, a mistake allowed patients who received the email to see the names and email addresses of other patients. No other identifying information was exposed. 

The breach potentially impacted Heartland clients and contacts who were current contacts as of May 19. Officials stressed that the compromised data was limited to names and contact information. 

“Immediately upon learning of the breach the same day of its occurrence, Heartland Counseling Services, Inc. took corrective action to retract the communications using technology,” officials said in a statement.  

“In addition, the Corporate Compliance Officer investigated and additional training on HIPAA and communications was immediately undertaken,” they added.

Next Steps

Dig Deeper on Healthcare data breaches