Northwestern Memorial Hospital in Chicago learned that an ex – temporary employee may have accessed the health records of a number of patients without valid authorization while doing work at the hospital.
The hospital discovered the unauthorized information access on December 2, 2020. An evaluation of access records showed the person looked at patient data with no a job-related reason to do so between October 27, 2020 and December 2, 2020. The records likely viewed only contained names of patients, addresses, and treatment details. The person didn’t obtain access to financial data or Social Security numbers.
Northwestern Memorial Hospital released an announcement regarding the privacy breach saying that the information of 682 patients might have been accessed and affirmed that the non permanent staff is not working at the hospital anymore. It is uncertain why the data were accessed. The provider is informing all impacted patients about the privacy breach via mail and has reported the breach to the proper authorities.
Apex Laboratory Suffered a DoppelPaymer Ransomware Attack
Last July 2020, Apex Laboratory, a home laboratory services company in New York and South Florida, encountered a DoppelPaymer ransomware attack. The DoppelPaymer ransomware group uploaded a huge number of data files lately to its data leak site. The majority of the material included protected health information (PHI) of patients and sensitive worker details.
Databreaches.net states that after calling Apex Laboratory concerning the data breach, the dumped data files were taken off from the DoppelPaymer leak website. Apex Laboratory published a breach notification on its webpage on December 31, 2020 stating that it experienced a ransomware attack on July 25, 2020, however, the encrypted information was recovered on July 27, 2020.
It is assumed that the information uploaded to the leak site was acquired during the July cyberattack. Apex Laboratory affirmed that obtaining information regarding the dumped files, it took steps right away to make certain the attackers took down the information from the leak website. The dumped information is thought to have contained patient names, birth dates, laboratory test data, and the telephone numbers and Social Security numbers of a few patients.
The incident investigation is still continuing and the provider is going to send notification letters to affected individuals in a day or two.
Potential Breach of Patient Records at Five Points Eye Care
Five Points Eye Care based in Athens, GA has found that an unauthorized person obtained access to its system and likely viewed/got patient data. The breach took place on October 27, 2020 and was discovered and resolved the same day.
The breach just affected the email system that stored messages mailed to the optometrist from different treating doctors. The information in the messages included names, dates of birth, Social Security numbers, addresses, medicines, and treatment options. A forensic inspection affirmed that the unauthorized individual did not see any other data.
Five Points Eye Care submitted the data breach report to authorities, sent notifications to impacted persons and made available complimentary credit monitoring services for 12 months.