Coastal Family Health Center (CFHC), the fourth biggest community health center based in Mississippi, has begun informing patients regarding a May 13, 2021 cyberattack that compromised some of their protected health information (PHI).
CFHC stated hackers tried to de-activate its computer functions; nonetheless, that effort was unsuccessful and CFHC was able to keep on treating patients and offering services to the locality. An investigation was promptly started into the breach to find out how the attack happened and whether the hackers accessed any sensitive patient data.
On June 4, 2021 the investigation showed that the attackers accessed some files that contained the PHI of patients, such as names, addresses, medical insurance data, medical history, treatment details and Social Security numbers.
CFHC engaged third-party cybersecurity experts to help with enhancing the system’s security and changed policies and procedures to avoid more breaches later on. After identifying present mailing addresses, the health center sent notification letters to impacted people on July 2, 2021.
Although there were no reported instances of patient data misuse, as a safety precaution, CFHC is giving all impacted people free identity theft protection services via IDX.
CFHC reported the breach to the Department of Health and Human Services’ Office for Civil Rights indicating that 62,342 present and past patients were affected.
8,066 Patients Affected by Hacking Incident at Carle Cancer Treatment
Carle Cancer Treatment located in Normal, IL has begun informing 8,066 patients about the exposure of some of their PHI in a cyberattack on Elekta, its data storage provider.
Elekta looked into the data breach and confirmed that hackers accessed its systems from April 2 to April 20, 2021 and may have accessed or acquired patient data including complete names, dates of birth, addresses, demographic information, Social Security numbers, height/weight data, medical diagnoses, medical treatment details, and appointment confirmations.
Carle Cancer Treatment Normal received notification about the cyberattack on April 29. Elekta reported its investigation did not find any evidence that indicates the public disclosure of patient data or its use for deceptive purposes. Impacted people received free credit monitoring and identity theft protection services.