Another 15,000 patients were added to the tally of breaches from the Eye Care Leaders ransomware attack nearly a year ago.
Massengale Eye Care issued a breach notice to patients at the end of October, informing them that their data had also been compromised in what remains the largest incident reported in the healthcare sector this year in nearly 3.7 million affected the patients.
While mainstream media have recently warned that the CommonSpirit Health A cyberattack could affect 20 million patients, the massive healthcare system’s financial report this week again said they were still investigating and found no evidence of impact on patient data. As such, ECL still holds the questionable first position.
As reported, ECL’s EMR was hit by a ransomware attack on December 4, after a malicious actor gained access to the platform and deleted databases and system configuration files. Without the data, it was not possible to identify whether the data was accessed or exfiltrated prior to deletion.
The data compromised varied by provider and patient, and for Massengale the data could include names, contact details, dates of birth, social security numbers, diagnostic details and health insurance information.
ECL has not posted its own Notice of Violation to the Department of Health and Human Services as it defends against a vendor lawsuit accusing cloud provider EMR of covering up other deployed ransomware incidents earlier this year.
A number of suppliers affected by these alleged incidents spoken exclusively with SC Media, detailing their frustration with the obstruction. The lawsuit status was last updated in October, with at least 13 filings to extend the deadline for responding to claims and two more filings asking for the case to be dismissed. In these filings, ECL has repeatedly denied these allegations.
CorrectCare security incident rises to 607,000 people affected
Two other healthcare entities have filed notices of breach with HHS, after their medical claims processing provider CorrectCare informed them that their patient information had been exposed due to two misconfigured file databases. in July.
CorrectCare Integrated Health filed three notices with the HHS Office for Civil Rights as affecting 496,589 people, while its customers PrimeCare Medical and Mediko sent notices to 22,254 patients and 2,809 people, respectively.
Combined with the 85,466 defendants and detainees in the Louisiana Department of Public Affairs Security and fixes, the number of breaches has now reached 607,118.
As previously reported, the advisories stem from a security incident first detected by CorrectCare on July 6. Two file directories on CorrectCare’s web server were inadvertently exposed to the public internet and secured within nine hours.
The ensuing forensic investigation determined that the exposed database contained data of patients who had received care at the affected providers, dating back as far as January 1, 2012. The data included names, phone numbers social security, birth dates, inmate numbers, diagnostic codes or CPT codes, provider names and treatment dates.
The file directories did not contain any driver’s license numbers, financial account details or financial card information. CorrectCare has since implemented security enhancements to its systems.
Work Health Solutions reports email hack affecting PHI
Occupational health service provider Work Health Solutions recently notified an undisclosed number of patients that their data was exposed in an email hack more than six months ago.
The advisory does not explain when the unauthorized account access occurred, only that a single email account was hacked for more than a month between February 16 and March 24 of this year. The investigation confirmed that patient data was contained in the accounts on October 11.
As widely reported by SC Media, many email security incidents are reported far beyond the Health Insurance Portability and Accountability Act’s 60-day requirement, due to medical-legal challenges . HHS recently reminded the industry that timely reporting is required by HIPAA whether or not an investigation is underway.
For WHS, experts determined that the account contained patient names, social security numbers, driver’s license numbers, health insurance details and/or medical information. Not all patients were affected by the incident. Patients whose SSNs have been compromised will receive free credit monitoring services.
Phishing attack affects patients at 18K Gateway Ambulatory Surgery
Just over 18,000 patients linked to Gateway Ambulatory Surgery Center in North Carolina were recently notified that their data had been compromised in a phishing attack earlier this year.
The carefully written notice explains that access to two employee email accounts was first discovered in April, sparking a lengthy investigation that did not end until September. It’s unclear why the provider waited another two months to notify patients of the privacy breach.
The analysis confirmed that the access was caused by a phishing incident, which led to a three-month period of unauthorized access to these accounts between February 14 and May 10, a month after the discovery of initial access.
Access to emails and attachments cannot be excluded, prompting a comprehensive search of email content to identify impacted patient information. Gateway confirmed that the data could include health benefit enrollment data, health insurance details, medical history, patient account numbers and dates of service. A small set of SSNs and driver’s licenses were also exposed.
Gateway is currently working to improve its security measures by implementing a new endpoint detection and response system and providing employees with additional training.