Breach, Incident Response

Digital health company myNurse reports data access, will stop operations

Digital health company myNurse notified patients of a hack, as well the end of clinical operations, but stressed the two were unrelated. Pictured: A U.S. Navy hospital corpsman inventories medical tools for a simulated surgery April 12, 2022, aboard the USS George H.W. Bush aircraft carrier. (Mass Communication Specialist 3rd Class Brandon Roberson...

Digital health company myNurse, also known as Salusive Health, recently notified patients of a systems hack that led to the access of their personal and protected health information. Officials also announced it would end its clinical operations by the end of May, stressing the closure is unrelated to the hack.

Leveraging AI, myNurse supports provider offices with setting up remote patient monitoring and chronic care management services, while supporting patients with monitoring vitals, one-on-one coaching and care coordination. The platform also enables insights into the most effective approach for each patient, based on medical histories, motivation-levels, and the similar insights.

According to a recent notice, a systems hack discovered March 7 led the security team to contain and mitigate the incident. Restoration efforts terminated the activity, while the team worked to secure the network.

The subsequent forensic investigation supported by an outside cybersecurity firm determined a hacker accessed certain personal and protected health data. So far, they’ve found no evidence the information was posted, misused or otherwise shared.

The impacted data could include names, contact information, dates of birth, medical histories, diagnoses, treatments, dates of service, lab test results, prescriptions, provider names, medical account numbers, health insurance policies and group plan numbers, group plan providers, and claims data.

After the investigation, Salusive “made the difficult decision to cease clinical operations” by May 31.

“This will allow for an orderly hand off of chronic care management and remote patient monitoring services back to your primary care physician,” officials explained. “This development is unrelated to the data security incident we experienced and does not affect the care you receive from your medical professional.”

Patients were also informed they could keep the devices received from the company. The notice contains no further information into the hack and whether ransomware or extortion was involved. The myNurse site shows the vendor has partnerships with Medicare, United Healthcare, and other industry stakeholders.

Cyberattack hits LA County Department of Mental Health

The Los Angeles County Department of Mental Health (DMH) recently began informing certain clients that their data was compromised after a “malicious cyberattack” and subsequent employee email hacks.

The attack occurred between Oct. 19, 2021, and Oct. 21, 2021, which enabled a hack to obtain the login credentials of three employees through a successful phishing attack. The credentials were tied to the employees’ Microsoft Office accounts. The emails were sent “from a trusted business partner whose email server the actor or actors had compromised.”

The compromised partner accounts allowed the attacker to pivot its efforts to DMH, targeting employees with multiple phishing emails.

The investigation showed the cyberattack likely gave the attacker access to certain personal data, such as names, contacts, dates of birth, driver’s licenses, Social Security numbers, health information, insurance details, and financial account numbers. The data was tied to certain DMH clients.

The impacted accounts were initially disabled to stymy the impact of the hack, and the impacted credentials and multi-factor authentication were also reset. Law enforcement was also notified, which resulted in the delayed patient notices, officials explained.

DMH is currently reviewing and updating its security policies, procedures, and controls. Officials added that they’ve “also notified Microsoft of the vulnerability in the Microsoft Office 365 multi-factor authentication that was exploited by the malicious actor or actors.”

ADA reports ongoing outage due to “cybersecurity incident”

An ongoing “cybersecurity incident” at the American Dental Association is causing disruptions for some connected clients, including the Texas Dental Association and the New York Dental Association.

The incident marks the sixth U.S.-based healthcare provider to face outages over a cyberattack this year. Tenet Healthcare, Oklahoma City Indian Clinic, and Taylor Regional Hospital are still facing outages to certain systems after facing similar attacks. The attacks on the latter two providers began more than a month ago.

ADA first reported “technical issues” tied to a cybersecurity incident on April 23 in an email to members. The issue impacted member-only access to both the ADA and TDA websites. ADA officials began isolating the incident with support from outside specialists, while stressing that “a data breach has not occurred.”

However, the incident prompted ADA to shut down and isolate all systems until the issue is fully resolved.

The latest update from TDA shows the incident was indeed a cyberattack deployed on April 21, currently under a “vigorous investigation” in cooperation with federal authorities, which is causing technical difficulties. 

“The ADA recognizes unsubstantiated reports are being circulated by organizations with no connection to this investigation,” officials said in a notice. “ADA is working closely with third-party cybersecurity specialists and federal authorities…” and will send an update soon.

TDA stressed that it doesn’t have detailed information on the incident, noting to members that there are various articles circulating online about the incident. The notice is likely referring to a number of media reports that purport the new Black Basta ransomware group is behind the attack, but ADA has denied those reports.

For now, there’s no estimated timeframe for recovery. For TDA, the incident is impacting the management of member data as it’s connected to the ADA membership management system. The Aptify platform remains shut down due to the cybersecurity incident, which has left certain ADA member groups without access to the data.

The outage is also impacting the ability of dentist members to access the members-only content on the TDA and ADA websites.

TDA is working directly with its IT consultants to ensure the security of its internal systems, while consulting with third-party computer forensic leaders to reduce the chance of a cyberattack in its own environment, which has not been directly affected by the ADA incident. The TDA workforce also went through cybersecurity training in February 2022.

The group is urging all members to contact their own IT professionals to ensure they’re adhering to best practices.

Valley View Hospital Association reports email hack affecting PHI

The protected health information of an undisclosed number of patients tied to the Valley View Hospital Association was potentially accessed during the hack of four employee email accounts in January.

First discovered on Jan. 19, a hacker accessed the accounts containing patient information. The accounts were quickly secured to prevent further access, in addition to launching a forensic review with outside assistance to assess the incident and impact on network computers.

“We do not believe that any personal information was removed from our system,” officials said in a statement. A review of the email contents concluded on Mar. 29 and confirmed patient data was contained in the impacted accounts. The notice provides no further information into the type of data potentially accessed during the incident.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.