Tag Archive for: patients

Tampa General Hospital hack affects data of 1.2M patients

/in


Tampa General Hospital says an “unauthorized third party” hacked its computer network in May and obtained personal data — including Social Security numbers — of about 1.2 million patients.

The hospital says it discovered “unusual activity” on its systems on May 31. An investigation determined the hack by a “criminal group” occurred between May 12 and May 30, according to a statement posted Wednesday on its website.

Tampa General, one of the state’s largest hospitals and a Level 1 trauma center, reported the “cybersecurity event” to the FBI.

“We immediately took steps to contain the activity and began an investigation with the assistance of a third-party forensic firm,” the hospital says. “Fortunately, TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.”

A review found the stolen patient data varied by individual. The hospital says its “may” have included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, account numbers, dates of service and limited treatment information used for business operations.

Tampa General says patients who may have been affected will receive notification by mail.

The hospital says complimentary credit monitoring and identity theft protection will be available to patients whose Social Security number was involved.

“Patients are encouraged to review statements from their health insurer and health care providers, and to contact them immediately if they see any services they did not receive,” the hospital says.

The hospital adds that its electronic medical record system was not involved or accessed.

“The hospital is continuously updating and hardening systems to help prevent events such as this from occurring and has implemented additional defensive tools and increased monitoring,” the statement says.

Tampa General is a private nonprofit hospital with more than 1,000 beds. It is also a teaching hospital affiliated with the University of…

Source…

181,000+ patients affected after hackers breach Pennsylvania cardiology group

/in


A Scranton, Pa.-based cardiology group’s computer network was invaded by hackers, who potentially obtained private data of 181,764 patients, The Times-Tribune reported June 12.

Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology, was hacked on Feb. 2, but the breach was not discovered until April 13, the system said. The health system did not announce the breach for two months in order to conduct a forensic investigation to identify everyone affected.

Information obtained varied by person, but included names, addresses, demographic information, Social Security numbers, driver’s license and passport numbers, and credit card or debit card and bank accounts, as well as health insurance, claims and medical information.

Annmarie Poslock, a Commonwealth Health spokesperson, told the news outlet that there was no indication the hackers used the information “in any way.” 

The system learned of the incident from the Department of Homeland Security, which tracks potential cyber threats. The cardiology group disconnected its network and referred the matter to law enforcement. 

“The unauthorized parties no longer have access to the GVC (Great Valley Cardiology) network,” Ms. Poslock said. She added that the hackers used a specialized software to generate passwords until it found the right one.

Affected clients were mailed notices, and a notice about the breach was posted on the website. The system is offering affected people free access to Experian IdentityWorks SM for 24 months to provide ID restoration and credit monitoring services.

Source…

Records of more than 181,000 patients, others at Scranton cardiology group latest to be hacked in NEPA

/in


Jun. 12—Hackers breached a Scranton cardiology group’s computer network and potentially obtained the private data of 181,764 patients and others, the Commonwealth Health System announced Monday.

It is the latest in a series of breaches targeting Northeast Pennsylvania medical providers, including one involving Commonwealth Health hospitals.

The breach of the cardiology group first occurred Feb. 2 in data maintained by Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology (GVC). The breach wasn’t discovered until April 13, the system said in a news release.

In explaining why the health care system did not announce the breach until Monday, officials said they needed two months to conduct a forensic investigation to identify everyone affected.

The information exposed, which varied from person to person, included: names, addresses and demographic information such as dates of birth; Social Security, driver’s license and passport numbers; credit card or debit card and bank accounts; and health insurance, claims and medical information. The medical information includes dates of service, diagnoses, medications and lab results.

In an email, Commonwealth Health spokeswoman Annmarie Poslock said the cardiology group has no indications the hackers used the information “in any way.”

Poslock said the group learned of the incursion from the U.S. Department of Homeland Security, which tracks potential cyber threats.

The cardiology group disconnected its network from the internet, disabled VPN access to prevent further access and referred the matter to law enforcement, according to the news release.

“The unauthorized parties no longer have access to the GVC (Great Valley Cardiology) network,” Poslock said.

The forensic investigation found that the hackers used a “‘brute force’ access attempt.”

“This is where the unauthorized party uses specialized software to generate passwords until one is successful,” she said. “Once the computer software found a real password, the unauthorized parties used that password to enter the GVC network. Where an unauthorized party has access to a network through a real set of credentials, it is often difficult to detect their presence…

Source…

Ransomware breach hits US dental insurance giant, loses data of 9 mn patients, ET CIO

/in


The personal information of nearly nine million people in the US has been compromised in an apparent ransomware attack on one of the country’s largest dental health insurers.

US-based dental insurance giant Managed Care of North America (MCNA) Dental, said: “On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away.”

Moreover, the company learned that a criminal was able to see and take copies of some information in their computer system between February 26 and March 7, 2023.

According to a data breach notification filed with Maine‘s attorney general, the hack affected over 8.9 million MCNA Dental clients, reports TechCrunch.

The LockBit ransomware group claimed responsibility for the cyberattack and claims to have published all of the files it stole from MCNA Dental after the company refused to pay a $10 million ransom demand.

According to a listing on LockBit’s dark web leak site, the notorious ransomware gang stole 700GB of data during the intrusion, the report said.

The stolen data includes a trove of personal information from patients, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licences or other government-issued ID numbers.

Hackers also gained access to patient’s health insurance information, such as plan information and Medicaid ID numbers, as well as bill and insurance claim information, according to MCNA Dental.

Meanwhile, PharMerica, a leading pharmacy service provider in the US, which operates in more than 2,500 facilities across the country and offers over 3,100 pharmacy and healthcare programmes, has disclosed a data breach that compromised the personal information of nearly six million patients.

    Join the community of 2M+…

Source…