Family of Woodstock and Viverant Suffer Cyberattacks

Family of Woodstock (FOW), a New York company providing crisis intervention, information, protection, and support solutions, has encountered a cyberattack that caused the potential exposure of the protected health information (PHI) of 8,214 people.

FOW detected the cyberattack last August 3, 2021, and took steps promptly to remove the attackers from its network and reestablish its systems and functions. Third-party forensic experts were involved to find out the nature and extent of the breach, with the first period of the investigation closing on September 11, 2021.

FOW reported the investigation established that the hackers acquired access to sections of its system that stored PHI like last and first names, phone numbers, email addresses, physical addresses, birth dates, driver’s license numbers, Social Security numbers, medical record numbers, medical record, diagnosis, treatment, ailment, and health insurance data. During the time of issuing notifications, no evidence had been uncovered implying any attempt or actual improper use of data.

FOW has carried out further cybersecurity measures, is strengthening its policies and processes, and is offering extra cybersecurity training to the staff.

Physical Therapy Center Alerts 6,500 Patients of PHI Compromise

Physical therapy center Viverant PT, LLC located in Minneapolis, MN is informing 6,500 present and previous patients concerning a cyberattack in March 2021 that compromised their PHI.

Viverant PT discovered the breach on March 9, 2021, upon noticing suspicious emails coming from a worker’s email account. The IT staff secured the email account right away and took action to correct and control the breach. A thorough assessment was performed of its email system, which affirmed that just one email account was compromised nevertheless it included a wide variety of sensitive information.

There was no proof uncovered that suggests any actual or attempted patient data misuse, nevertheless, the probability of data theft cannot be eliminated. Viverant stated that the patients had different types of information in the account, which might have contained these data elements: name, birth date, address, Driver’s license number Social Security number, health record number, diagnostic/treatment details, date of service, debit/credit card number including security code or password, medical insurance data, financial account number including routing or password number, prescribed drugs, username and security questions and answers, electronic signature, and vehicle identification number (VIN).

Viverant reported a top-rated security agency was employed to support the investigation and resolve the attack. To strengthen the security of its programs and procedures, supplemental measures were enforced including

  • modifying passwords
  • using stronger authentication
  • doing more training of the personnel
  • hiring national privacy and security specialists to aid with its current security

Viverant stated free credit monitoring services were given to impacted persons.