Recent breaches underscore high healthcare security risk
Cyberattacks continue to pummel healthcare organizations already stretched thin by lack of resources and the ongoing COVID-19 pandemic, as evidenced by two recently disclosed attacks targeting providers in California and Arizona.
Starting Aug. 24, 2021, California-based LifeLong Medical Care began informing individuals that their data was affected in a ransomware attack against Netgain, a third-party vendor that provides services to healthcare providers. LifeLong reported to the Department of Health and Human Services that 115,448 people were affected in the attack.
Netgain first detected anomalous network activity on Nov. 24, 2020, LifeLong reported in a letter disclosing the breach to affected customers. On Feb. 25, 2021, Netgain’s investigation revealed “certain files were accessed and/or acquired without authorization.” LifeLong conducted a review of the contents of the stolen files to determine whether they contained any sensitive data.
On Aug. 9, LifeLong found some identifiable personal and health information was accessed from Netgain’s network in relation to the attack. This data included full names and one or more of the following: Social Security numbers, dates of birth, patient cardholder numbers, and/or treatment and diagnosis information, the letter states. Officials are not aware of reports of identity fraud or improper use of the affected data directly related to the attack.
LifeLong advises those affected to take steps to protect their data with actions such as placing a fraud alert or security freeze on their credit files, receiving free credit reports, enrolling in free credit monitoring if their SSN was affected, and paying close attention when reviewing financial statements, credit reports, and explanation of benefits statements for suspicious activity.
In a separate attack, Arizona-based Desert Wells Family Medicine has begun notifying patients whose data may have been involved in a “recent ransomware and data loss incident” that took place on May 21, 2021, and affected many of its IT systems.
To read the complete article, visit Dark Reading.