The medical equipment firm NuLife Med LLC located in Manchester, NH, has lately reported that it suffered a cyberattack in March 2022. It detected suspicious system activity on or about March 11, 2022, and took action right away to avoid continuing unauthorized network access. The firm started an investigation to find out the nature and scope of the attack and to aid in re-establishing its network and systems. The investigation affirmed that unauthorized people got access to its network from March 9 to March 11, 2022, and possibly viewed and copied files from its systems.
It cannot be determined which files were accessed or stolen from its systems, nor the precise number of files that were viewed or extracted. NuLife Med mailed notification letters to all persons likely impacted. The evaluation of the files showed they mainly included protected health information (PHI) like names, addresses, health details, and/or medical insurance data. The driver’s license data, Social Security numbers, and/or financial account or credit card details of a small number of persons were likewise compromised.
NuLife Med stated it is presently going over records to attempt to find out which people had data beyond healthcare and/or health insurance details affected, and extra notifications are going to be sent to those persons as soon as the breach investigation is over. NuLife mentioned it hasn’t gotten any report thus far that suggests the misuse of any patient data.
The data breach report was sent to the HHS’ Office for Civil Rights indicating that 81,244 people were impacted.
Cyberattack and Data Theft Reported by Schneck Medical Center
Schneck Medical Center based in Seymour, IN, has begun informing a number of patients that some of their PHI were included in data files that were extracted from its networks.
The medical center didn’t say in its notification whether it detected the security incident but stated that a forensic investigation and manual document analysis were performed which confirmed on March 17, 2022, that files were extracted from its networks on or about September 29, 2021.
The files included names in addition to at least one of these data elements: Address, birth date, driver’s license/state ID numbers, medical record number, other internal ID numbers, medical diagnosis, and conditions details, and medical insurance/claims details. The files additionally included some Social Security numbers, payment card details, and financial account details.
Schneck Medical Center stated no proof was discovered that indicates any attempted or actual misuse of patient information; nonetheless, as a safety measure, persons possibly at risk were provided free credit monitoring services. Notification letters had been mailed to impacted persons on May 13, 2022.
An evaluation was done of its security systems, guidelines, and procedures, and extra security steps are being enforced to avoid identical occurrences down the road.