Getty Images

Ransomware Attack on Brandywine Urology Impacts 131K Patients

Brandywine Urology Consultants in Delaware is investigating a January ransomware attack; a business associate incident, phishing, an email hack, and another ransomware event complete this week’s breach roundup.

About 131,825 patients of Brandywine Urology Consultants are being notified that their data was potentially compromised during a ransomware attack. The Delaware specialist is continuing to investigate the scope of the incident.

On January 27, a ransomware infection was discovered on the Brandywine Urology network. The cyberattack began two days earlier on a Saturday. Officials said they immediately isolated the attack and began mitigating the network intrusion.

Once the attack was neutralized, officials explained they performed a scan of the central server to ensure all traced of malware were removed. The ransomware attack was confined to the network and did not impact the electronic medical record system.

The provider hired a third-party security firm to assist with the investigation, which is ongoing. It appears it was an automated cyberattack designed to encrypt data and extract a financial payment from Brandywine Consultants, rather than an attempt to steal data.

However, it’s still possible patient data was compromised during the attack, including names, contact details, Social Security numbers, medical file numbers, claims data, and other financial and personal information.

The practice has since replaced its central server and isolated the impacted servers, along with replacing or deleting and reloading any affected computers. Further, they’ve installed an updated antivirus program, while they continue to work with the security firm to test its data security measures and implement improvements to ensure the security and integrity of its systems.

Phishing Attack on Doctors Community Medical Center

Doctors Community Medical Center in Maryland is notifying some of its patients that it fell victim to a phishing campaign in January, which potentially compromised their data.

Several employees fell victim to the phishing attack, providing the hacker with their user credentials. As a result, the attackers were able to access the employee payroll information, as well as their email accounts.

In February, DCMC determined a threat actor was able to access multiple employee accounts for various period between November 6, 2019 and January 30, 2020.

The investigation determined those accounts contained data sheets with patient demographic information, which varied by patient, such as names, addresses, dates of birth, Social Security numbers, financial account information, treatments, diagnoses, prescriptions, driver’s licenses, military identification numbers, medical record numbers, health insurance information, and other sensitive data.

Law enforcement has been contacted, as it continues to investigate the incident. Currently, DCMC is continuing to review its existing policies and procedures and will implement additional safeguards to bolster its security.

Business Associate Reports Breach from July 2019

Avalon Health Care Management recently reported a hack of its email system from July 2019, which potentially breached the data of about 14,500 patients.

On July 2019, Avalon first discovered suspicious activity in its email system. Officials said they took steps to secure the system and launched an investigation. One month later, they determined a single employee email account was accessed without authorization and worked with a document review vendor to verify the potential patient information contained in the account.

Nearly six months after they first discovered the hack, officials concluded the account contained both employee and patient data and launched a further analysis that concluded on January 27, 2020.

It’s imperative to note the under HIPAA, breaches are to be report to the Office of Civil Rights within 60 days of discovery, not at the conclusion of an investigation. Avalon began notifying patients in March 2020.

Ransomware Attack on Andrews Braces Impacts 16K

Nevada-based Andrews Braces is notifying about 16,600 patients that their data was potentially breached after a ransomware attack in February.

The attack began on February 13, but was discovered the next day. With assistance from a third-party forensic investigator, they determined the event was likely an automated attack designed to financially extort the orthodontist. Further, no data was exfiltrated, but officials said they could not rule out access.

As a result, the potentially compromised data could include names, contact details, health information, Social Security numbers, and email addresses. Andrews Braces has since implemented new security tools and measures, including hardening overall platform security.

Saint Frances Ministries Reports Email Hack

An unauthorized individual gained access to the email account of a Saint Frances Ministries employee, which potentially breached the data of an undisclosed number of patients. The Ohio nonprofit is a children and family services ministry provider that serves about 31,000 people from the Midwest, Texas, and Central America.

In December, officials said they first discovered suspicious activity related to one employee email account, and steps were taken to secure the account. An investigation concluded on February 12 and found the hacker accessed the account for about a week between December 13 and December 20.

The investigation could not verify whether the emails or attachments were viewed or accessed during the security incident. The potentially affected data varied by patient, but could include Social Security numbers, dates of birth, driver’s licenses, financial data, credit or debit card information, treatments, diagnoses, medical record numbers, and Medicare or Medicaid numbers, among other sensitive data.

Next Steps

Dig Deeper on Healthcare data breaches