Tag: patients | Page 5

Systems hack enables data theft, access for 8.9M MCNA Dental patients

June 2, 2023/in Internet Security

The health information tied to 8.9 million patients enrolled in Florida Healthy Kids Corporation (FHKC) and the Florida Agency for Health Care Administration’s Medicaid insurance programs was stolen after a systems hack on MCNA, their dental benefits and services provider.

MCNA Dental works with state Medicaid agencies, Children’s Health Insurance Programs, private entities, and other insurance plans. The notice only refers to FHKC and Florida’s HCA.

With nearly 9 million impacted, the incident is now the largest healthcare data breach reported by a single entity so far this year, followed by Pharmerica (5.2 m i l l i on patients), Regal Medical Group (3.3 million), Cerebral (3.18 million), and NationsBenefits (3.04 million).

Discovered on March 6, a threat actor gained access to the MCNA system to both access and exfiltrate copies of data stored in the network for several weeks between Feb. 26 and March 7. The investigation also found certain systems were “infected with malicious code.”

The stolen data varied by individual included full names, contact details, dates of birth, email addresses, Social Security numbers, driver’s license numbers or other government-issued ID numbers, health insurance plan data, conditions, diagnoses, treatments, and insurance claims. The data was tied to children and their guardians.

Upon discovery, MCNA contacted law enforcement and has been cooperating with their investigation. The benefits manager has since bolstered its systems security.

For FHKC, this is the second vendor-related breach affecting its patients in the last two years. Reported in early 2021, its vendor, Jelly Beans Communications Design, failed to patch multiple website vulnerabilities and enabled a threat actor to access and tamper with patient data for more than seven years. The incident was one of the largest healthcare data breaches in 2021.

Idaho Falls Community Hospital diverting patients after cyberattack

Mountain View Hospital, Idaho Falls Community Hospital, and its partner clinics are working to recover from an ongoing cyberattack in electronic health record downtime procedures, diverting ambulances and canceling some appointments to ensure patient safety.

Medford Radiology…

Source…

Harvard Pilgrim warns patients after ransomware attack

May 24, 2023/in Internet Security

Harvard Pilgrim warns patients after ransomware attack – CBS Boston

Watch CBS News

Personal information was stolen during a ransomware attack. WBZ-TV’s Kristina Rex reports.

Source…

US pharmacy giant says hackers accessed personal data of almost 6 million patients

May 16, 2023/in Computer Security

One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of almost six million patients.

PharMerica operates more than 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs.

In a data breach notification filed with Maine’s attorney general, PharMerica said it learned of suspicious activity on its computer network on March 14. An internal investigation revealed that an “unknown third party” accessed its systems days earlier and stole the personal information of 5.8 million current and deceased individuals, including 35,000 patients based in Maine.

In a letter sent to affected patients, the Kentucky-based company said hackers obtained patients’ names, dates of birth, Social Security numbers, medication and health insurance information.

But samples of the leaked data, seen by TechCrunch, suggest the hackers also stole the protected health information of at least 100 patients, including allergy information, Medicare numbers and detailed diagnoses, including details about alcohol, drug and mental health-related illnesses.

This stolen data was published on the dark web leak site of the Money Message ransomware gang, a relatively new operation first observed in March, which took credit for the cyberattack. Money Message claims to have stolen a total of 4.7 terabytes of data from PharMerica and its parent company BrightSpring Health, a home and community-based health service provider.

The same ransomware gang claimed responsibility for the cyberattack on Taiwanese hardware maker Micro-Star International, known as MSI, which compromised reams of data, including the company’s private code-signing keys.

Neither PharMerica nor BrightSpring Health has confirmed that the nature of the incident was ransomware, and BrightSpring Health spokesperson Leigh White did not respond to TechCrunch’s questions.

In a statement posted to its website, PharMerica said it is taking additional steps to help reduce the likelihood of a similar event happening in the future, but did not specify what these steps are.

With almost six million patients affected, the PharMerica…

Source…

LVHN ransomware attack affected almost 2,800 patients – Times News Online

April 15, 2023/in Internet Security

Published April 14. 2023 02:45PM

by Jarrad Hedes [email protected]

A ransomware attack on Lehigh Valley Health Network led to sensitive photos of nearly 2,800 cancer patients leaked on the dark web, according to a recent court filing.

The data breach led to a class-action lawsuit against LVHN, which is trying to move the matter from Lackawanna County Court to U.S. District Court.

“From the information published on the dark web, it is apparent that well in excess of two-thirds of the individuals from the security breach are from Pennsylvania, and in particular northeastern Pennsylvania,” Patrick Howard, an attorney for the class-action members impacted by the breach, wrote in a letter to U.S. District Judge Malachy Mannion this week. “LVHN has identified 2,760 individuals who are victims of the security incident and it should be required to simply confirm whether more than 920 of those individuals reside outside of Pennsylvania.”

The matter, Howard said, arises from a data breach that began at some point in January. After learning of the breach in February, he added, LVHN refused the data hacker’s demands to pay a more than $5 million ransom and as a result, the hackers, on March 10, posted nude images of numerous LVHN patients on the dark web.

“In addition to the nude photographs, there are thousands of medical records, personnel files (both current and former employees), treatment plans, billing records, and other sensitive information posted for anyone to download,” Howard said.

The plaintiff, identified as Jane Doe, notified LVHN on April 4 that she was seeking an injunction to have the ransom paid so the sensitive information would be removed from the dark web and to require LVHN notify those impacted by the security breach so they are made aware that their personal information is/was available for download from the dark web.

In a statement disclosing the attack on Feb. 20, Brian Nester, president and CEO of Lehigh Valley Health Network, said…

Source…

Tag Archive for: patients

Idaho Falls Community Hospital diverting patients after cyberattack