Premier Diagnostics, a COVID-19 testing service based in Utah, has accidentally compromised the protected health information (PHI) of thousands of people.
Bob Diachenko of Comparitech discovered two exposed Amazon S3 buckets on February 22, 2021. Initially, it wasn’t clear who owned the information, which pertained to patients from Colorado, Nevada, and Utah. The Amazon S3 buckets were later tracked to Premier Diagnostics.
The S3 buckets held two databases. One had about 200,000 images of scanned ID cards, for example passports, driver’s licenses, health insurance cards, state ID cards, and other IDs. Search engines had already indexed the databases, which could be viewed online with no password required.
On February 25, 2020, it was confirmed that Premier Diagnostics likely owned the information. Diachenko was able to contact the company on March 1, 2021, and had the databases secured that day.
It is uncertain whether anyone besides Diachenko found and downloaded the databases while they were accessible online. Premier Diagnostics affirmed to Comparitech that every person had four scans in the databases, two scans of an ID document and two scans of a medical insurance card; therefore, the IDs and insurance data of around 52,000 people were compromised. The ID cards contained a person’s name, age, gender, address, ID number, and picture.
The second compromised Amazon S3 bucket had a database containing the names, birth dates, and test sample IDs of people who had a COVID-19 test, though the database didn’t contain the test result data. Each of the 3,645 items contained in the S3 bucket is a scanned table of many patients.
Nefilim Ransomware Gang Posts Stolen Data from Atlanta Allergy & Asthma
The Nefilim ransomware gang recently attacked Atlanta Allergy & Asthma in Georgia. Prior to file encryption, sensitive data was stolen, and it was recently published on the gang’s dark web leak page. The 1.3 GB compressed file uploaded to the leak site included 597 files with 2.5 GB of information.
The published information is a sample of a supposed 19 GB of data stolen in the attack. The Nefilim actors threatened to post the remaining information if the victim does not pay the ransom. The published information consists of billing records and patient audits containing highly sensitive personal, healthcare, and insurance data.
The incident is not yet posted on the HHS’ Office for Civil Rights breach portal. It seems that Atlanta Allergy & Asthma hasn’t announced the breach yet, so it is presently uncertain how many people were impacted.
Ransomware Gang Asked Allergy Partners of Western North Carolina to Pay $1.75 Million
The Federal Bureau of Investigation (FBI) is looking into a ransomware attack that occurred on February 23, 2021 on Allergy Partners of Western North Carolina and resulted in the shutdown of its IT systems for a few days. Due to the attack, the allergy center could not give patients their allergy shots in its Asheville and Arden offices. Normal patient services resumed on March 1 at nearly all of its locations.
Based on a police report, the attackers asked for a $1.75 million ransom payment for the file decryption keys. The center’s IT department worked 24/7 to restore its files and systems. Third-party cybersecurity companies investigated the breach to determine whether attackers viewed or obtained patient data.