
South Shore Hospital network hack impacts data of 116K patients


South Shore Hospital in Chicago recently notified 115,670 current and former patients and employees that their data was affected after a hack of the nonprofit’s network in early December.

On Dec. 10, 2021, SSH discovered suspicious activity on its network and “activated its emergency operating protocols to continue providing safe patient- and family-centered care.” While the incident sounds like a ransomware attack, the notice provides no further details about the hack.

An outside forensics firm was brought on to support the investigation, which found the impacted data could include patient names, Social Security numbers, contact information, dates of birth, financial information, diagnosis, medical data, health insurance policy numbers, and Medicare or Medicaid information. All those affected will receive free identity theft protection services.

SSH has since bolstered its network security controls with stronger password requirements, enabling multi-factor authentication, and re-training employees on data privacy and security awareness measures. The hospital also implemented supplementary anti-malware and phishing tools, while it plans to continue the evaluation of its current security protocols for effectiveness.

Comprehensive Health Services reports breach from 2020 incident

More than one year after responding to unusual activity on its network, Comprehensive Health Services is notifying an undisclosed number of patients that their data was potentially accessed or stolen during a hack of its digital environment.

CHS first discovered the incident on Sept. 30, 2020, after finding some fraudulent wire transfers. The team secured the network and launched a digital forensics investigation to “determine what happened and to identify any information that may have been accessed or acquired without authorization as a result.”

The CHS notice does not explain the lack of timely notification to impacted patients, outside of describing a year-long investigation. But under the Health Insurance Portability and Accountability Act, covered entities and relevant business associates are required to report data breaches impacting 500 or more patients within 60 days of discovery.

The impacted data that could have been accessed or acquired by the attackers could include names, dates of birth, and/or SSNs.

AccelHealth patient data compromised in malware incident

An undisclosed number of patients of Cross Timbers Health Clinics in Texas, d/b/a AccelHealth, were recently informed that their data were potentially accessed during a malware-related incident in mid-December.

AccelHealth discovered certain files were rendered inaccessible on Dec. 15, 2021. The subsequent investigation found certain systems were infected with malware, which prevented access to some files stored on the network. A further analysis confirmed certain files were possibly subjected to unauthorized access, beginning nearly a week before the cyberattack.

A forensic review completed on Jan. 14 determined the compromised information varied by patient and could involve names, SSNs, contact information, dates of birth, driver’s license numbers, financial account details, health insurance data, medical record numbers, and treatment or diagnosis information.

AccelHealth is working on adding technical security measures to its current toolkit to prevent a recurrence, as it reviews and bolsters its existing data privacy policies and procedures.

Philadelphia FIGHT reports “criminal cyberattack”

A “criminal cyberattack” against Philadelphia FIGHT Community Health Centers has led to the potential access of legally protected patient information. It’s one of the more concerning healthcare incidents in recent months, as Philadelphia FIGHT provides primary care and HIV care to low-income individuals. In total, 15,000 patients could be affected.

A cyberattack hit the provider on Nov. 30, prompting the security team to shut down its network to stop the attack from spreading. The subsequent investigation confirmed the attack did not impact its electronic medical record (EMR) system or any clinical systems; only “certain non-clinical systems within the network were accessed by the criminal actor.”

Investigators later determined the affected systems held protected health information. Philadelphia FIGHT could not determine whether the data was accessed or stolen by the hacker. So far, there’s been no evidence the data has been published or fraudulently misused. 

The compromised data includes patient names, SSNs, dates of birth, diagnoses, treatments, and health insurance information. Philadelphia FIGHT is continuing to work on identifying and contacting all impacted individuals.

The health center is currently working to develop and implement enhanced security protocols to prevent a recurrence.

Family Christian Health ransomware attack impacts 31K patients

A total of 31,000 patients of Family Christian Health Center in Illinois were recently notified that their protected health information was compromised prior to a ransomware attack on November 30.

“Over the last two years, despite the unprecedented demands of the COVID-19 pandemic, FCHC has been working hard to strengthen its computer systems and the security of its network, as well as providing additional employee training on privacy and security to address the evolving nature of cyber threats to the healthcare industry,” according to its notice.

Despite its efforts, officials say they discovered the attacker gained access to the FCHC network nearly two weeks before the deployment of ransomware. Due to its previous security improvements, FCHC was “able to care for patients without significant interruption despite the attack.”

However, the investigation could not rule out the potential compromise of patient data that varied by individual, the type of care they received at FCHC, and whether their data was contained in a compromised PDF of records prepared for the Health Resources and Services Administration.

The ransomware attack compromised dental-related data from before Aug. 31, 2020, that was stored on an old dental system, which could include names, dates of birth, contacts, insurance cards, and driver’s licenses. Credit, SSNs, and further dental information do not appear to have been affected.

The attack also affected healthcare data from non-dental services received between Dec. 5, 2016 and Aug. 31, 2020, for patients who were registered through an electronic system compromised by the ransomware infection. Some patient records in this system were affected, involving data similar to the above as well as SSNs and insurance ID numbers.

The HRSA .PDF infected with ransomware contained the protected health information of about 20 patients and included clinical information from a single visit in 2021, such as names, patient ID numbers, and the date of the visit. No other sensitive information from this subset of patients was compromised.

FCHC hired a forensic consultant to support the investigation and recovery efforts, as well as to perform a review of existing security measures to determine recommended improvements. The provider has already taken steps to enhance its technical safeguards.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
