Vitalii Gulenok/istock via Getty
Weiser Memorial Hospital investigates potential data breach
Idaho-based Weiser Memorial Hospital is investigating a potential data breach after cyberthreat actors claimed to be in possession of the hospital's data.
Weiser Memorial Hospital, a critical access hospital in Idaho, notified patients of a cybersecurity incident that occurred in September 2024. According to a post by the hospital on Facebook, a cyberthreat actor claimed responsibility for the incident and claimed to be in possession of data as a result of the cyberattack.
WMH began communicating with patients about network issues on Sept. 5 via Facebook. At the time, WMH noted that its computer systems were down and warned patients to expect delays for certain services.
WMH experienced intermittent phone outages throughout the following weeks. A Sept. 19 update assured patients that WMH would provide further information as it becomes available. On Oct. 2, WMH confirmed that it had experienced a cybersecurity incident and took action to secure its environment.
The hospital said it was investigating the cyberthreat actor's claims and would notify patients if any sensitive data was involved.
"The protection of patient and employee information is a top priority to WMH, and this incident is being taken very seriously," the hospital stated. "We are committed to continuously improving our cybersecurity controls and will be evaluating security enhancements that can be implemented to reduce the likelihood of a similar incident reoccurring."
Hawaii clinic notifies 124K of LockBit hack
Community Clinic of Maui, which does business as Mālama I Ke Ola Health Center, notified nearly 124,000 individuals of a cyberattack and data breach that occurred in May 2024. LockBit 3.0 cyberthreat actors claimed responsibility for the hack.
In a notice provided to the Maine attorney general's office, the community clinic stated that it experienced a cybersecurity incident on May 7, 2024, that affected its network connectivity. Mālama conducted an investigation and concluded that personal data might have been subject to unauthorized access or acquisition.
The data involved in the breach potentially included Social Security numbers, bank account information, clinical information, login information and biometric data.
Mālama said it had no evidence that any personal information had been misused for identity theft as a result of this cyberattack. The community clinic provided breach victims with best practices to safeguard their information as well as complimentary credit monitoring.
Speech-generating device developer suffers data breach
Ohio-based PRC-Saltillo, a medical equipment manufacturer that produces speech-generating devices and several augmentative and alternative communication tools, notified nearly 52,000 individuals of a data breach that it discovered on Aug. 21, 2024. PRC-Saltillo identified suspicious activity on its computer network and later discovered that an unauthorized actor had copied certain files and folders from its network.
The company experienced system and website downtime as it worked to recover from the incident.
The breached information potentially included names, addresses, Medicare and Medicaid plan names, information on the medical device purchased, treatment cost information and health insurance policy numbers.
The company said that it immediately launched an investigation and reviewed its policies and procedures related to the storage of sensitive information.
In a separate notice regarding the system outages that the cyberattack caused, PRC-Saltillo informed customers that the affected data did not include data contained on customer-facing services.
"Although communication is our passion, the protection of data is our highest priority," the company stated.
"Even though cybersecurity events are unfortunately part of our world today, the advanced security measures we have in place (e.g., multi factor authentication, encryption and continuous monitoring) minimized the impact. Additionally, we use compliant 3rd party systems to handle and secure all credit card information and none of those systems were impacted."
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.