Over 260,000 Patients Affected by Cybersecurity Attacks

A ransomware attack on Assured Imaging in Tucson, AZ enabled attackers to encrypt its medical record system. Assured Imaging is a Rezolut Medical Imaging subsidiary and provider of Health Screening and Diagnostic Services.

Assured Imaging uncovered the ransomware attack on May 19, 2020 and worked immediately to halt more unauthorized access and regain the encrypted files. With the assistance of an independent computer forensics company, Assured Imaging conducted an investigation of the ransomware attack to ascertain the range of the breach. The investigation uncovered an unauthorized person obtained access to its record systems from May 15, 2020 to May 17, 2020 and exfiltrated limited information before ransomware deployment.

The forensic investigation revealed that data was stolen though it was impossible to ascertain specifically which data the hackers exfiltrated. Assured Imaging carried out a evaluation to determine all types of data that may have been viewed. The compromised system was determined to have full names, dates of birth, addresses, patient IDs, facility visited, treating doctor’s names, medical records, treatment completed, evaluation of the service conducted, and advice on future examination.

Assured Imaging receivend no report of misuse of patient information nevertheless the service provider instructs all affected persons to keep an eye on their financial accounts and credit reports for any hint or fake activity.

Assured Imaging filed an incident notice to police authorities and the Department of Health and Human Services’ Office for Civil Rights. As posted onAs posted on the OCR breach website, the attack impacted about 244,813 people.

6,000 Roper St. Francis Healthcare Patients Impacted by Email Breach

Roper St. Francis Healthcare based in Charleston, SC encountered a data breach that involved one email account. The provider discovered the breach on July 8, 2020, but the inquiry into the breach showed that the email account compromise happened between June 13, 2020 and June 17, 2020.

The forensic investigators established that the email account comprised patients’ names, health record or patient account numbers, birth dates, and limited medical and/or treatment data, which include diagnoses, names of providers, and/or procedure details. The medical insurance data and/or Social Security numbers of selected persons were likewise kept in the email account. The breach affected roughly 6,000 individuals.

Roper St. Francis Healthcare offered free credit monitoring and identity theft protection services to the persons who had their Social Security number exposed. Staff education on email security has been strengthened and email security procedures have been enhanced.

This isn’t Roper St. Francis’s first phishing attack incident reported this 2020. In February, the medicl company reported the exposure of the email accounts of 13 workers because of a phishing attack from November 15 2018 to December 1, 2018. The protected health information (PHI) of 35,253 patients was exposed in the incident.

Impermissible Disclosure of PHI of 10,000 Hamilton Health Center Patients

Hamilton Health Center, Inc. based in Harrisburg, PA has reported the impermissible discolosure of the PHI of 10,393 people because of a phishing attack recently.

Hamilton Health Center discovered on June 19, 2020 the sending of a spreadsheet that contains patient data to an unauthorized person in response to a phishing email. The spreadsheet comprised patients’ full names, birth dates, member IDs, and one or more of these data components: Diagnosis, treatment, physical ailment prescription drugs, dates of lab tests and/or tests, and/or the provider’s name.

Though the preceding information were impermissibly exposed, there is no report received that suggest the misuse of any information. Hamilton Health Center encouraged the affected persons to keep track of their explanation of benefits statements for any indication of data misuse.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone