[BreachExchange] Data of 50K Alomere Health Patients Exposed by Employee Email Hack

Destry Winant destry at riskbasedsecurity.com
Tue Jan 14 10:08:48 EST 2020


https://healthitsecurity.com/news/data-of-50k-alomere-health-patients-exposed-by-employee-email-hack

January 09, 2020 - Minnesota-based Alomere Health is notifying 49,351
patients that their medical data was potentially exposed during a hack
on two employee email accounts.

Hospital staff first discovered unauthorized access on one employee
email account on November 6. The account was secured, and an
investigation determined the account was accessed between October 31
and November 1. Officials said during that time they discovered
another email account was hacked on November 6.

The compromised accounts contained patient names, contact details,
dates of birth, and a trove of health information, like insurance
data, diagnoses, treatments, or medical record numbers. Social
Security numbers and driver’s licenses were included for a small
number of patients.

The investigation could not determine if the data contained in the
accounts were viewed by the attacker. Alomere Health has since
implemented strengthened security measures on its email accounts, while
providing staff with further security training.

ENLOE MEDICAL CENTER RANSOMWARE ATTACK

A ransomware attack on Enloe Medical Center in California last week
forced officials to reschedule the elective procedures for some
patients, according to local news outlet KRCR News.

All data stored on the hospital’s network was encrypted during the
attack, which prevented clinicians from accessing patient information.
Phone systems at the hospital and clinic also went down during the
attack, but officials said they were restored by January 3.

Officials said they leaned on “well-planned and frequently practiced
backup protocols” to ensure patient care was able to continue during
the restoration efforts. As of January 8, the medical center is still
working to restore access to its data network with help from the FBI
and a security consultant.

RCM VENDOR BREACH IMPACTS MERCY HEALTH LORAIN HOSPITAL

An error in the medical invoices generated on behalf of RCM
Enterprises has spurred a HIPAA breach notification for patients of
Mercy Health Lorain Hospital Laboratory. RCM is a patient billing
services vendor for Mercy Lab as a business associate.

Discovered on November 7, several batches of medical invoices created
and mailed by RCM’s mailing vendor were incorrectly printed. As a
result, patient names, Social Security numbers, and addresses appeared
in the clear mailing window, instead of the names and mailing
addresses of those patients.

The mailings were sent between August 14 and October 16, 2019. RCM
launched an investigation into the security incident, which included a
review of the mailed invoices and the processes used by RCM’s mailing
vendor during the invoice process.

CHILDREN’S CHOICE PEDIATRICS’ RANSOMWARE INCIDENT

About 12,689 patients of Children’s Choice Pediatrics in Texas are
being notified that their data was potentially compromised during a
ransomware attack in October.

On October 27, officials said they discovered a ransomware infection
on their network that encrypted patient data. The network was secured,
and officials launched an investigation with assistance from an
outside cybersecurity firm.

Some patient data was permanently deleted during the restoration
attempts. Children’s Choice joins a growing list of providers to lose
data during a ransomware attack, including Ferguson Medical Group,
Betty Jean People’s Health, and Brookside ENT and Hearing Center,
which shuttered after hackers deleted patient files.

Children’s Choice has since strengthened its security measures and
ensured its networks and systems are secured.

NATIVE AMERICAN REHABILITATION ASSOCIATION BREACH IMPACTS 25K PATIENTS

About 25,187 patients of the Native American Rehabilitation
Association are being notified that their sensitive data was
potentially breached after a malware infection. NARA provides
physical and mental health, as well as substance abuse treatment
services and education to Native Americans.

The cyberattack began on November 4, when the malware bypassed the
initial security measures. The attack was detected later in the
afternoon and fully contained the next day. All email account
passwords were reset on November 6.

The investigation determined the infection was Emotet malware, a
notorious trojan malware variant often paired with other malicious
payloads like ransomware or email harvesters. Emotet is also known to
steal credentials and exfiltrate emails.

As a result, NARA officials said it’s possible the hackers were able
to obtain the impacted emails and their attachments. For 344 patients,
their data was either accessed or there’s a high risk of compromise.
For one group of patients, there was no evidence of unauthorized
access.

The compromised data included patient names, Social Security numbers,
contact details, dates of birth, patient identification numbers or
medical record numbers.

NARA has upgraded its endpoint protection tool on all computer
systems, as it reviews its security policies and procedures and
further trains staff on security awareness. Officials said they are
continuing to investigate the security incident alongside
cybersecurity experts and law enforcement.

“As we’ve all heard in the news, hackers and malicious computer
programs are increasingly targeting all kinds of organizations—from
giant retail stores to banks, and certainly many healthcare
organizations,” said Jacqueline Mercer, CEO of NARA NW, in a
statement. “It is sad that there are people in the world whose intent
is to cause harm and distress to vulnerable populations such as our
clients.”

“Words cannot express how truly sorry we are that our clients and NARA
NW have been subjected to this malware attack,” she added. “We take
our responsibility to protect and take care of our clients and their
personal information very seriously.”

ONGOING RANSOMWARE ATTACK ON EHEALTH SASKATCHEWAN

Hackers have infected the electronic health record of the Saskatchewan
government and are demanding the government pay an undisclosed ransom
to unlock the files, according to local news outlet The Star.

Currently, the government is locked out of some of its computer
systems, including the EHR that contains the health data of
Saskatchewan residents. Staff can’t access some administrative files,
but officials said there’s no evidence the patient data has been
compromised.

eHealth is continuing to monitor the situation, and officials said
they will not pay the ransom to restore access. Law enforcement has
been contacted.

