
Data of 50K Alomere Health Patients Exposed by Employee Email Hack

An investigation into an initial employee email hack at Alomere Health revealed an earlier breach; ransomware attacks, an RCM vendor mailing error, and malware complete this week’s breach roundup.

Minnesota-based Alomere Health is notifying 49,351 patients that their medical data was potentially exposed during a hack on two employee email accounts.

Hospital staff first discovered unauthorized access on one employee email account on November 6. The account was secured, and an investigation determined the account was accessed between October 31 and November 1. Officials said during that time they discovered another email account was hacked on November 6.

The compromised accounts contained patient names, contact details, dates of birth, and a trove of health information, like insurance data, diagnoses, treatments, or medical record numbers. Social Security numbers and driver’s licenses were included for a small number of patients.

The investigation could not determine if the data contained in the accounts were viewed by the attacker. Alomere Health has since implemented strengthened security measures on its email accounts, while providing staff with further security training.

Enloe Medical Center Ransomware Attack

A ransomware attack on Enloe Medical Center in California last week forced officials to reschedule the elective procedures for some patients, according to local news outlet KRCR News.

All data stored on the hospital’s network was encrypted during the attack, which prevented clinicians from accessing patient information. Phone systems at the hospital and clinic also went down during the attack, but officials said they were restored by January 3.

Officials said they leaned on “well-planned and frequently practiced backup protocols” to ensure patient care was able to continue during the restoration efforts. As of January 8, the medical center is still working to restore access to its data network with help from the FBI and a security consultant.

RCM Vendor Breach Impacts Mercy Health Lorain Hospital

An error in the medical invoices generated on behalf of RCM Enterprises has spurred a HIPAA breach notification for patients of Mercy Health Lorain Hospital Laboratory. RCM is a business associate of Mercy Lab, serving as its patient billing services vendor.

On November 7, it was discovered that several batches of medical invoices created and mailed by RCM’s mailing vendor were incorrectly printed. As a result, patient names, Social Security numbers, and addresses appeared in the clear mailing window, instead of the names and mailing addresses of those patients.

The mailings were sent between August 14 and October 16, 2019. RCM launched an investigation into the security incident, which included a review of the mailed invoices and the processes used by RCM’s mailing vendor during the invoice process.

Children’s Choice Pediatrics’ Ransomware Incident

About 12,689 patients of Children’s Choice Pediatrics in Texas are being notified that their data was potentially compromised during a ransomware attack in October.

On October 27, officials said they discovered a ransomware infection on the network that encrypted patient data. The network was secured, and officials launched an investigation with assistance from an outside cybersecurity firm.

Some patient data was permanently deleted during the restoration attempts. Children’s Choice joins a growing list of providers to lose data during a ransomware attack, including Ferguson Medical Group, Betty Jean People’s Health, and Brookside ENT and Hearing Center, which shuttered after hackers deleted patient files.

Children’s Choice has since strengthened its security measures and ensured its networks and systems are secured.

Native American Rehabilitation Association Breach Impacts 25K Patients

About 25,187 patients of the Native American Rehabilitation Association are being notified that their sensitive data was potentially breached after a malware infection. NARA provides physical and mental health services, as well as substance abuse treatment services and education, to Native Americans.

The cyberattack began on November 4, when the malware bypassed the initial security measures. The attack was detected later in the afternoon and fully contained the next day. All email account passwords were reset on November 6.

The investigation determined the infection was Emotet malware, a notorious trojan malware variant often paired with other malicious payloads like ransomware or email harvesters. Emotet is also known to steal credentials and exfiltrate emails.

As a result, NARA officials said it’s possible the hackers were able to obtain the impacted emails and their attachments. For 344 patients, their data was either accessed or there’s a high risk of compromise. For one group of patients, there was no evidence of unauthorized access.

The compromised data included patient names, Social Security numbers, contact details, dates of birth, patient identification numbers or medical record numbers.

NARA has upgraded its endpoint protection tool on all computer systems, as it reviews its security policies and procedures and further trains staff on security awareness. Officials said they are continuing to investigate the security incident alongside cybersecurity experts and law enforcement.

“As we’ve all heard in the news, hackers and malicious computer programs are increasingly targeting all kinds of organizations—from giant retail stores to banks, and certainly many healthcare organizations,” said Jacqueline Mercer, CEO of NARA NW, in a statement. “It is sad that there are people in the world whose intent is to cause harm and distress to vulnerable populations such as our clients.”

“Words cannot express how truly sorry we are that our clients and NARA NW have been subjected to this malware attack,” she added. “We take our responsibility to protect and take care of our clients and their personal information very seriously.”

Ongoing Ransomware Attack on eHealth Saskatchewan

Hackers have infected the electronic health record of the Saskatchewan government and are demanding the government pay an undisclosed ransom to unlock the files, according to local news outlet The Star.

Currently, the government is locked out of some of its computer systems, including the EHR that contains the health data of Saskatchewan residents. Staff can’t access some administrative files, but officials said there’s no evidence the patient data has been compromised.

eHealth is continuing to monitor the situation, and officials said they will not pay the ransom to restore access. Law enforcement has been contacted.
