Data Breaches Reported by Northeast Rehabilitation Hospital Network and First Street Family Health

First Street Family Health located in Salida, CO has encountered a harmful cyberattack that resulted in the extraction of files comprising patient data and then wiped out from its systems. It’s now common to have this kind of attack. Information is stolen, erased, and then the attackers issued threats to post or offer the information for sale if the victim does not pay the ransom. However, files aren’t encrypted with the use of ransomware.

First Street Family Health stated that it detected the cyberattack on July 16, 2022. The investigation confirmed that the threat actors initially acquired access to its networks on July 5, 2022. The company blocked the unauthorized access on July 16. Electronic medical records dated June 28, 2021 to July 15, 2022 had been deleted. Although those records had backup copies, the copies were likewise erased thus the data in those files were lost. There was no proof found that indicates the theft of those records. Medical referral forms kept on the affected computer systems might have been viewed or obtained, nevertheless, those data were successfully retrieved from backups.

The breached records included the following: full names, addresses, phone numbers, birth dates, email addresses, nature of services, dates of services, diagnoses, conditions, lab results, medicines, health insurance ID cards and numbers, billing details, and Social Security numbers.

Breach notification letters were mailed to impacted people on August 26, 2022, and complimentary memberships to credit monitoring service by CyberScout were offered. First Street Family Health mentioned a national cybersecurity company assisted with the investigation and carried out a security review, and extra security procedures are being enforced based on the company’s advice.

The incident is not yet posted on the HHS’ Office for Civil Rights breach portal, so it is currently uncertain how many persons have been affected.

Northeast Rehabilitation Hospital Network Alerts Patients About Cyberattack in 2021

Northeast Rehabilitation Hospital Network (NRHN) based in Salem, NH has started notifying patients about the potential access of unauthorized individuals to its computer systems and sensitive information may have been obtained. The data breach was discovered on September 30, 2021 because of suspicious activity within its network. The following investigation affirmed the exposure of its network from September 30, 2021 to October 5, 2021.

NRHN stated the delay in sending notification letters to impacted people was due to the time-consuming process of analyzing all affected data on its systems, and that process was not finished until August 3, 2022. Currently, breach notification letters are being delivered and individuals will be notified in those letters regarding the types of information that were impacted. NRHN mentioned it is not aware of any actual or attempted patient data misuse and that it provided credit monitoring and identity theft protection services to affected persons.

As of this time, the exact number of impacted individuals is still uncertain.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone