Site icon SnapInHIPAA

PHI Potentially Exposed in Hacking Incidents at Three Healthcare Companies

Prairie Lakes Healthcare System Hacked

Prairie Lakes Healthcare System located in Watertown, S.D. has discovered that an unauthorized man or woman has obtained access to a number of its IT systems.

The healthcare system identified the occurrence on October 6, 2021, when portions of its network had experienced issues. Speedy action was done to separate the affected systems and block further unauthorized access. A third-party cybersecurity firm looked into the incident and aided in the remediation efforts.

Prairie Lakes Healthcare mentioned all the breached systems were currently functioning; nevertheless, the security breach investigation is still ongoing. At this level of the investigation, there’s no evidence of unauthorized access or patient data exfiltration. If patient information is deemed to have been breached, the healthcare system will mail notification letters to the affected individuals.

Unauthorized Network Access of the Urology Center of Colorado

The Urology Center of Colorado (TUCC) has learned that an unauthorized person acquired access to parts of its computer system. The security incident was noticed and blocked last September 8, 2021. An inquiry into the breach affirmed that the attack began the prior day.

The breached segments of its network were assessed to find out if any patient files were viewed. TUCC mentioned the analysis uncovered the compromise of these types of PHI: name, Social Security number, birth date, address, email address, telephone number, health record number, diagnosis, treating doctor, insurance firm, treatment expense, and/or name of the guarantor.

TUCC mentioned it modified account passwords to avert continuing unauthorized access and it thought about added security procedures to avert further security breaches. As a safety measure, TUCC is giving free credit monitoring and identity protection services to impacted persons.

TUCC already sent a breach report to the HHS’ Office for Civil Rights, nevertheless, it hasn’t shown up yet on the breach website of OCR, therefore it is presently unknown how many people were affected.

Mowery Clinic Alerts Patients Regarding September 2021 Cyberattack

Mowery Clinic based in Salina, KS, has begun informing selected patients concerning a cyberattack that was identified on September 14, 2021. Action was promptly taken to protect its systems and stop continuing unauthorized access. A third-party cybersecurity company helped in the conduct of a forensic inquiry.

The forensic investigation affirmed that the attacker did not get access to the electronic health record system, however, malware was used that made it possible for the attacker to view and acquire records that included worker and patient data.

At this time, the investigation did not reveal any proof of any attempted or actual misuse of patient information. The types of data possibly acquired consist of names, addresses, birth dates, medical data like office/diagnostic notes, and some Social Security numbers. In certain instances, details with regards to the spouse, dependents, minor children, or beneficiaries of employees might have been breached.

The investigation of the incident is still ongoing to find out exactly how the attackers gained access to its network. Suitable measures are going to be enforced to avoid identical breaches later on.


Exit mobile version