109K Patient Records Impacted in Overlake Medical Phishing Attack

Several Overlake Medical employees fell victim to phishing attacks, which provided attackers with account access; an email hack, updated breach reports, and ransomware complete this week’s breach roundup.

Overlake Medical Center and Clinics in Washington is notifying about 109,000 patients that some of their health information was potentially compromised during a phishing attack.

On December 9, officials said they first detected the phishing attack and quickly reset the password to stop the unauthorized access. An investigation revealed the attack began three days earlier on just one employee email account.

However, several other employee email accounts were also compromised for several hours on December 9.

The compromised accounts contained a range of patient information including names, contact information, dates of birth, diagnoses, treatment information, health insurance identification numbers, and health insurance provider names. Social Security numbers and financial data were not impacted.

Overlake Medical has since bolstered its email security to block phishing emails, along with implementing multi-factor authentication and new email retention policies. Employees have also received additional security awareness training.

Wise Health Adds 30K Patients to Breach Victim Tally

Texas-based Wise Health has added to its initial tally of patients impacted by a phishing attack first reported in July 2019. At the time, an estimated 35,899 patients were notified of the potential breach. After a data audit, the final breach victim tally has reached 66,984 patients.

The audit was launched in July 2019 after the initial breach report. Several employees responded to phishing emails in March 2019, disclosing their account credentials to the cybercriminals. Those credentials were used to access Wise Health’s employee kiosk to reroute direct deposit payroll.

In total, the hackers attempted to reroute about 100 of those deposits. Wise Health’s security policy requires that two checks be issued to employees after a change to direct deposit information. As a result, a large number of checks were printed in April, which raised a red flag. Officials said the measure alerted them to the potential scam and prevented the rerouting of those payments.

Wise Health issued a system-wide password reset and hired an outside cybersecurity firm to assist with the investigation. The incident was also reported to the FBI. It’s believed that hackers were only seeking payroll data and that it's unlikely patient information was accessed.

But the email accounts did contain a trove of patient data, including protected health information. Those patients are receiving notification out of an abundance of caution and are being offered a year of free credit monitoring and identity theft services.

Central Kansas Orthopedic Ransomware Attack

A ransomware attack on Central Kansas Orthopedic Group potentially gave hackers access to medical records. CKOG did not pay the ransom and was able to restore its systems from backups.

The infection began on November 11, and CKOG immediately contacted outside counsel and a third-party investigator. The investigation did not find evidence that any data was exfiltrated, but it’s possible the hackers had access to patient data.

The potentially impacted data includes contact information, dates of birth, driver’s license numbers or state IDs, health information related to treatment at CKOG, health insurance numbers, Social Security numbers, and email addresses.

CKOG will be leaning on its third-party investigators to determine ways to improve its overall security and will implement new tools where necessary. About 17,214 patients are being notified of the potential compromise.

NCH Reports Breach from June 2019 Phishing Attack

NCH Health has closed the investigation into the scope of a phishing attack on its payroll system that it discovered in June 2019. The Florida health system first reported it was investigating the security incident in August 2019 with help from a third-party forensics firm.

Officials said they determined on July 2 that several employees fell victim to phishing emails that provided hackers with access to their email accounts. At the time of the initial reporting, NCH said they were still investigating the scope of the incident.

According to the notification, hackers got into the NCH payroll system through the phishing scheme. It appears the hackers were solely focused on rerouting direct deposit payroll funds. The medical records systems were not impacted by the attack.

However, the attack also provided the cybercriminals with employee login credentials, and the investigation could not rule out whether emails were viewed during the event.

The third-party forensics firm “undertook a diligent and time-consuming manual and programmatic review of the entire contents of the relevant email accounts.”

NCH confirmed the patients whose information was contained in those accounts, and officials said they’ve been working to obtain all addresses of those individuals. The data varied by patient, but could include names, dates of birth, driver’s licenses, treatments, medical histories, medications, beneficiaries, provider names, patient identification numbers, health insurance data, and/or usernames and passwords.

For less than 5 percent of patients, Social Security numbers were compromised. All patients will receive two years of free credit monitoring and identity theft restoration services.

PSL Services in Maine Reports Email Hack

Peregrine (PSL Services) in Maine is notifying an undisclosed number of patients that their data was potentially compromised after a hack on several employee email accounts.

On December 17, officials said they discovered suspicious activity in one employee email account. An investigation was launched with assistance from a third-party forensics specialist. They determined a number of employee email accounts were hacked for three days between December 16 and December 19.

The investigation is ongoing, as officials are reviewing the contents of the accounts to determine the scope of the incident. So far, they’ve determined the accounts contain patient names, addresses, Social Security numbers, dates of birth, driver’s licenses, medical data, and Maine Care numbers.

PSL is currently reviewing its security measures and will implement further safeguards. Officials said they are still working to identify the patients whose information was potentially compromised and will provide them with free identity protection services.

The Department of Health and Human Services and the Maine Attorney General have both been notified.
