CSI Laboratories and Christie Clinic Report Data Breaches

Conti Ransomware Gang Owns Responsibility for CSI Laboratories Cyberattack

Cytometry Specialists, Inc. also known as CSI Laboratories in Alpharetta, GA, has lately announced that it encountered a cyberattack that was noticed on February 12, 2022. An investigation was begun which affirmed that files made up of limited patient information were copied from its systems, which largely included patient names and case numbers utilized for identifying patients. However, addresses, dates of birth, medical record numbers, and health insurance data were also included for limited patients.

CSI Laboratories stated in its web notification that at this point of the investigation there seems to be no indication of any misuse of patient records. Although CSI Laboratories failed to reveal the nature of the cyberattack, the Conti ransomware gang has owned responsibility for the attack and has released a sample of the stolen data on its data leak page. CSI Laboratories mentioned it has already restored its system online and it is tracking its network very closely for strange activity. No mention was made regarding the payment of any ransom.

The incident is not yet published on the HHS’ Office for Civil Rights breach website, therefore it is not clear how many people were affected.

Email Account Breach Report Submitted by Christie Clinic

Christie Business Holdings Company, P.C., dba Christie Clinic, has recently stated that it had a security incident relating to the email account of an employee. The organization’s breach notice did not say when the breach was identified, nevertheless, the forensic investigation results verified on January 27, 2022, that an unauthorized individual accessed the email account from July 14, 2021 up to August 19, 2021.

Christie Clinic mentioned the goal of the attack was to intercept a business transaction between the clinic and a third-party merchant, and not to acquire sensitive information from the email account, however it cannot be determined to what degree emails within the account were accessed. Christie Clinic stated the investigation confirmed that the breach only impacted a single email account. No other system programs or accounts were affected. On March 10, 2022, the evaluation of data in the account revealed that the emails contained protected health information (PHI) like names, Social Security numbers, addresses, health details, and medical insurance details. Notification letters were mailed to impacted persons on March 24, 2022.

Christie Clinic stated it actually utilizes industry-leading network security programs, holds regular and continuing training on data security and privacy, and has put in place extra security measures.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA