A cyberattack on Dynasplint Systems in Severna Park, MD resulted in the potential access or theft of personal and protected health information (PHI). The company manufactures proprietary stretching gadgets for enhancing joint motion.
The security breach happened on May 16, 2020 and employees were unable to access its computer systems. Dynasplint’s lawyer sent a letter to the Iowa Attorney General and explained that the “encryption attack” kept its employees from being able to access its computer systems.
On June 4, 2020, a digital forensics team assisted Dynasplint Systems confirm that attackers may have accessed and obtained information including names, addresses, birth dates, Social Security numbers, and health data. Dynasplint Systems reported the cyberattack to the FBI and gives support to the investigation so that the people behind the attack will be held accountable.
Dynasplint Systems submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that the attack potentially affected 102,800 people. The company began sending breach notifications to the affected people on August 7, 2020 and offered them free identity monitoring and recovery services for one year via Kroll. Though there is the possibility of customer information compromise, no report has been received that indicates such a case.
Dynasplint and some top-rated cybersecurity professionals are enhancing its computer systems to avoid other cyberattacks later on.
Phishing Attack at Texas Medical Clinical Research Organization
Pinnacle Clinical Research in San Antonio, TX, a medical clinical research group that conducts gastroenterological and hepatological clinical trials in the region of San Antonio and Austin, has just reported a phishing attack.
Pinnacle Clinical Research discovered the email account breach in April 2020. A third-party IT security and forensic professionals helped Pinnacle Clinical Research confirm some time around May 8, 2020 the inclusion of sensitive data of clinical trial participants in the compromised email account.
The breach affected only one email account which contained data like names, mailing addresses, phone numbers, treatment data and medical histories. The following information of some affected persons may have been exposed as well: birth date, email address, Social Security number, state ID number, passport number, driver’s license number, taxpayer ID number, credit card/bank account number, PIN or password, and/or medical insurance individual policy number.
Pinnacle Clinical Research immediately secured the compromised email account upon discovery of the breach and took steps to enhance the privacy and security settings of the systems storing the information. The organization also provided the affected persons with free identity theft protection and credit monitoring services for one year.
Phishing Attack at the Institute for Integrative Nutrition
A phishing attack at the Institute for Integrative Nutrition based in New York City in March 2020 resulted in the potential compromise of personal information. The institute discovered the email account breach on June 22, 2020. The investigation showed that an unauthorized person accessed one email account from March 3, 2020 to March 4, 2020.
Third party cybersecurity experts helped investigate the attack and reviewed a document which confirmed the potential access of the unauthorized person to names and personal data, such as Social Security numbers. However, there is no evidence found that suggests data theft.
As a safety precaution, the Institute for Integrative Nutrition offered to provide the affected persons with free identity theft protection services. Additional measures had been taken as well to avoid other breaches later.