Three of DCH Health System’s hospitals in Alabama were forced not to accept new patients other than those in a critical state due to a ransomware attack.
The staff in DCH Regional Medical Center in Tuscaloosa, Northport Medical Center and Fayette Medical Center could not use the computer systems since October 1, 2019 because of the ransomware attack.
An unidentified person responsible for blocking access to the DCH systems demanded a certain amount of money (not disclosed publicly) in return for the decryption keys. There’s no information on whether the hospital or its insurance company will pay the ransom demand or will simply repair the systems using backups. Certain systems were already accessible online though with minimal access.
The three hospitals executed emergency measures to ensure the continuity of healthcare functions every day. The hospitals are looking after the admitted patients and only accept patients in critical shape. Nevertheless, people scheduled for outpatient services or lab tests were advised to call first before showing up for the service. Ambulances having patients are directed to bring the patients to a different facility if necessary.
Email Security Incident at Kaiser Permanente
Some members of Kaiser Permanente received notification about a security breach that happened on August 12, 2019. An unknown individual accessed the email account of an employee. Kaiser Permanente learned about the email security breach on August 19. As per the investigation findings, the unidentified individual had 13-hour access to the account.
The investigators failed to get any evidence that shows the viewing or exfiltration of sensitive information from the email system by the attacker. There is likewise no report of any misuse of PHI.
The compromised email account did not contain Social Security numbers. But it contained the following protected health information (PHI): name, age, birth date, gender, date(s) of service, provider’s name, provider remarks, name of payor, diagnoses information, health history, benefit specifics, insurance protection status, treatment information, procedure specifics, and service offered.
People impacted by the breach were told to monitor their explanation of benefits statements and look for any dubious transaction. Presently, it is still unclear how many members were affected by the breach.