Midwest Orthopaedic Consultants based in Illinois has reported that unauthorized persons accessed its computer system and encrypted files using ransomware. The healthcare provider detected the cyberattack on September 29, 2022, and took steps right away to control the ransomware attack.
A third-party forensic security company investigated the incident and confirmed that the attackers acquired access to the system on September 27, 2022, and extracted some documents prior to encrypting files. On November 4, Midwest Orthopaedic Consultants found out that the files included patient information, and on November 21, an extensive analysis of those files confirmed that individually identifiable health data were compromised. Exposed data included names, dates of birth, addresses, driver’s license numbers, Social Security numbers, diagnosis and treatment data, and medical insurance data.
Midwest Orthopaedic Consultants sent notification letters to impacted persons on December 22, 2022. Midwest Orthopaedic Consultants mentioned that it was able to recover the encrypted files from backup files.
Free identity theft protection services were provided to those who had their driver’s license numbers or Social Security numbers exposed. Extra technical steps were applied to avoid the same occurrences later on. The breach report was submitted to the HHS’ Office for Civil Rights indicating that 6,818 patients were affected.
MultiCare Health System Impacted by Cyberattack on Mailing Vendor
MultiCare Health System located in Washington has lately reported the potential compromise of the protected health information (PHI) of over 23,000 patients because of a data breach that happened at Kaye-Smith, its mailing vendor. Kaye-Smith discovered suspicious activity in its digital system in June 2022. According to the forensic investigation, the hackers were able to obtain access to its systems and encrypted files discretely using ransomware since May 2022. The incident affected several health systems and MultiCare Health System was just one of them.
MultiCare Health System stated the attackers could have viewed or obtained files that included the names of patients, Social Security numbers, and addresses. According to Kaye-Smith, it has already implemented extra security measures and monitoring because of the incident.
Collections Vendor Data Breach Impacts Prairie Lakes Healthcare Patients
Prairie Lakes Healthcare System based in Watertown, SD provides services to patients in Western Minnesota and South Dakota. It recently reported that the PHI of 1,059 individuals was exposed because of a data breach that happened at a business associate. Prairie Lakes Healthcare has partnered with AAA Collections, Inc., also known as Advanced Asset Alliance (AAA), for the collection of its unpaid medical bills.
From September 5, 2022 to September 7, 2022, attackers acquired access to AAA’s systems and possibly acquired files that contain the PHI of Prairie Lakes Healthcare patients and ex-Glacial Lakes Orthopaedics patients. A review of the files affirmed the inclusion of data such as names, birth dates, addresses, provider/facility names, medical record numbers, medical conditions, diagnoses, treatment data, dates of service, and payment details. AAA mailed the notifications to impacted persons on December 15, 2022. Prairie Lakes Healthcare mentioned it is taking action together with its vendor to avoid the same incidents from happening later on.