Incident Response, Ransomware

South Denver Cardiology cyberattack, data access impacts 287K patients

South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year.

The cyberattack was launched against the computer network on Jan. 4, which prompted the security team to launch incident response processes, take steps to secure the network, and shut down certain computer systems. Law enforcement was also notified.

The provider launched an investigation with support from an outside forensic firm, which confirmed a hacker first gained access to the network two days prior to the attack and used that access to view certain files stored on the system. The notice does not mention any data exfiltration.

The investigation determined the compromised files contained patient information, such as names, Social Security numbers, drivers’ licenses, dates of birth, patient account numbers, health insurance data, provider names, dates and types of service, diagnoses, and other clinical data.

South Denver Cardiology confirmed there was no impact to the electronic health record system or its medical records, nor was the patient portal affected by the hack.

Third-party ransomware attack impacts 67K Highmark patients

A ransomware group hacked third-party vendor Quantum Group during the second half of 2021, resulting in the leak of personal and health information of some of its clients. Data belonging to insurer Highmark were among the files stolen from the Quantum network, including the health information of 67,147 patients.

Quantum provided the insurer with printing and mailing services in 2017 via Highmark’s marketing vendor. Highmark issued a press release earlier this week that noted the breach reported to the Department of Health and Human Services was caused by the Quantum incident and did not compromise the insurer’s own computer systems.

The Highmark notice provides no further details surrounding the incident. However, another client notice provided to individuals with ties to Ladenburg Thalmann Asset Management breaks down the Quantum incident, including the length of the systems’ hack and impacted data.

Quantum was notified prior to January 20 of a systems hack by an alleged ransomware group, although there was no ransomware attack on their network “or known indications of compromise at that time.” The subsequent investigation found an attacker had access to certain systems for nearly two months between Aug. 17, 2021 and Oct. 11, 2021.

Further, the vendor “recently discovered the threat actor group posted on its dark website certain files it claims to have taken from Quantum’s network,” and the data includes information from certain clients. The data did not include SSNs, but did include related personal information. Reports show the attack has been claimed by Clop actors.

Central Indiana Orthopedics hack leads to data access for 84K patients

Central Indiana Orthopedics recently notified 83,705 patients that their data was accessed after a cyberattack launched in October 2021. 

CIO first detected unusual network activity on Oct. 16 and engaged a third-party cybersecurity firm to secure the network and investigate the scope, in addition to supporting the restoration efforts of operations. 

The investigation found that the attacker accessed some files during the systems’ hack, which could include patient names, SSNs, contact details, and health information. All affected patients will receive free credit monitoring, dark web monitoring, and identity theft protection services.

The notice does not disclose the reason for the delayed notification. The Health Insurance Portability and Accountability Act requires breaches impacting 500 or more patients to be reported within 60 days of discovery.

CIO has since changed its administrative credentials and enhanced the security measures.

Chelan Douglas Health District reports 2021 health data theft

An undisclosed number of individuals who leveraged services from the Chelan Douglas Health District in Washington were recently informed that their data was stolen during a network hack in July 2021. The notice does not explain when the incident was first discovered, just that the investigation and document review concluded on Feb. 12, 2022.

The “unauthorized network access” occurred between July 2, 2021 and July 4, 2021. The district consulted with an outside cybersecurity firm to analyze the extent of the compromise. 

The review confirmed an attacker removed certain identifiable personal and protected health information from the network during the hack, which varied by patient and could include names, SSNs, dates of birth or death, financial account details, treatments, diagnoses, medical record or patient numbers, and health insurance policy information.

All affected individuals will receive complimentary credit monitoring services if their SSN was compromised.

Labette Health patient, staff data stolen during October cyberattack

Kansas-based Labette Health informed an undisclosed number of patients and staff of a data exfiltration incident that occurred prior to a cyberattack in October 2021. Upon discovering the intrusion, Labette Health took steps to secure the network and reduce the spread. 

The investigation determined an attacker potentially accessed and acquired information from certain network portions during a nine-day hack between Oct. 15, 2021 and Oct. 24, 2021. The analysis concluded on Feb. 11, 2022, which could explain the untimely delay in notifications.

The compromised data included both personal and protected health information of employees and patients who received services from Labette Health, which could involve SSNs, treatment details and costs, diagnoses, dates of service, prescriptions, Medicare or Medicaid numbers, and/or health insurance data. Not all Labette Health patients were affected.

Labette Health has since strengthened its network security and implemented additional security measures recommended by a third-party cybersecurity firm, including a mass password reset, strengthening password requirements, implementing multi-factor authentication, upgrading endpoint detection software, and bolstering employee training on network security and threats.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
