Two hospital systems began notifying patients and employees of cyber incidents, one ransomware and another a data breach, that took place in June.
Grays Harbor Community Hospital (GHCH) and Harbor Medical Group, in Aberdeen, Wash., just began informing patients of a ransomware attack that took place on June 15. At that time hospital databases containing patient health information were encrypted and GHCH was presented with a ransom demand. GCCH said in a statement that much of the encrypted data has been recovered, but some is irretrievable.
The information contained in the affected databases included the patient’s full name, date of birth, Social Security number, phone number, home address, insurance, and medical record information, including diagnosis and treatment.
“GHCH and HMG have no reasonable basis to believe that any personal information has been transmitted outside of GHCH’s or HMG’s databases,” the hospital said.
The data breach hit the Naples, Fla.-based, NCH Healthcare System on June 14 when dozens of hospital employees fell for a phishing scam that gave the malicious actors access to the facilities payroll system. The Naples News reported 73 were victimized by the phishing email
NCH officials said in a statement that once the issue was discovered an outside firm was hired to investigate and on July 2 that company determined that it was in fact a phishing scheme that gave entry to the attackers.
“The investigation determined the unauthorized actor could have accessed data present in the email accounts at the time the incident occurred,” NCH said.
The hospital is waiting for the investigation to be completed before it releases the personal information that may or may not have been involved. However, at this time NCH officials do not believe the information involved has been misused.