Hallettsville, Texas’ critical access hospital Lavaca Medical Center, has begun informing 48,705 individuals regarding a security breach wherein their protected health information (PHI) was exposed.
Lavaca Medical Center stated it detected abnormal activity in its computer network last August 22, 2021, showing a prospective cyberattack. The healthcare provider took prompt steps to safeguard its system and involved a third-party computer forensics agency to help with the inquiry. The forensic investigators affirmed unauthorized persons acquired access to the network from August 17 to August 21.
Though there was no evidence of information theft found, the probability that patient records were accessed or copied cannot be eliminated. Impacted systems included data like names, birth dates, patient account numbers, Social Security numbers, and medical record numbers. The attackers were unable to access the electronic medical record system.
As per Lavaca Medical Center, there’s no reason to think any patient data were extracted from its servers or misused; nonetheless, the HIPAA Breach Notification Rule mandates the issuance of notification letters to impacted people. As a precautionary measure, affected persons were provided credit monitoring and identity theft protection services for free.
System monitoring tools were already upgraded and its systems are going to be consistently reviewed for unauthorized activity.
Malware Infection Identified by Throckmorten County Memorial Hospital
Throckmorten County Memorial Hospital based in Texas has learned that unauthorized people obtained access to areas of its computer system that comprised the personal records of 3,136 staff and patients.
A breach was noticed on September 7, 2021. It involved unauthorized systems access and the setup of malware. According to the forensic investigators, its network was compromised on August 25, 2021, and access to systems continued up to September 7.
An analysis of the affected systems established they comprised patient data for instance first and last name, birth date, address, sexual category, date(s) of service, diagnoses, present procedural term code, condition, prescription medication, and specifics of hospital trips. Staff information likely affected included name, income record, Social Security number, payroll details, and filing data.
Throckmorten County Memorial Hospital mentioned impacted persons were given a free credit monitoring service membership and are going to be secured by identity theft and fraud insurance program. Notifications concerning the security breach were late to grant time for the taking away of malware and enhancement of security, as giving sooner notifications will make its system susceptible to other cyber attackers.