April 12, 2022: 26 Healthcare Organizations Impacted by Cyberattack on NY Medical Billing Company.

New York billing company Practice Resources, LLC (PRL) disclosed a ransomware attack that impacted 942,000 individuals and 26 healthcare organizations. PRL began notifying 942,138 individuals of a ransomware attack that impacted 26 of its healthcare organization clients.

According to a notice posted on the California Attorney General’s Office website, PRL suffered a ransomware attack on April 12, 2022. PRL immediately took steps to secure its systems and gained assistance from third-party experts.The information involved in the attack potentially included names, addresses, health plan numbers, dates of treatment, and medical record numbers.

January 4, 2022: Cyberattack on South Denver Cardiology Associates (SDCA) Affects 287,000 Patients

South Denver Cardiology Associates (SDCA) announced it was the victim of a cyberattack in January 2022. Files containing protected healthcare information of thousands of thousands of heart patients were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated. Systems were isolated from the network and shut down. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 287,652 individuals.

August 4, 2022: NHS 111 Emergency Line Hit by Cyberattack

A cyberattack at UK company Advanced causing a software outage affected NHS 111 digital services. The attack targeted Adastra clinical patient management software. Adastra is used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions. Advanced has indicated the issue might not be fully resolved until next week. According to NHS England, 111 services are still available. However, the Welsh Ambulance Service has warned that 111 calls may take longer to answer. In addition, NHS England warned that GPs could see an increase in the number of patients.

March 25, 2022: Cyberattack at MCG Health Affected over 1.1M Patient Records, Lawsuits Filed.

More than 10 U.S. health care systems were breached during a cyberattack of Seattle-based MCG Health, affecting up to 1.1 million patients, HIPAA Journal reports. MCG Health, a subsidiary of Hearst Health, is facing multiple class-action lawsuits as a result of the breach, during which an “unauthorized third party” obtained patient files that included names, Social Security numbers, medical codes, mailing addresses, telephone numbers and email addresses. The lawsuits allege MCG Health acted negligently by failing to recognize the breach for at least two weeks - while one lawsuit alleges hackers gained access to data 2 years before the hack was discovered.

May 5, 2021: 2021 Benson Health Breach Affected 29,000 Patients.

North Carolina-based Benson Health began notifying 28,913 individuals of a healthcare data breach. On May 5, 2021, Benson Health discovered that an unauthorized party had attempted to gain access to Benson Health’s computer network. Further investigation revealed that the unauthorized party potentially accessed a dataset containing names, birth dates, Social Security numbers, and health and treatment information.

Benson Health’s investigation concluded on July 7, 2022, more than a year after the initial incident. Benson Health is providing individuals affected by the incident with free single-bureau credit monitoring services. HIPAA requires covered entities to notify impacted individuals of a healthcare data breach within 60 days of discovery.

December 21, 2021: Over 38 Vision Practices Report Data Breaches Involving Eye Care Leaders EHR Incident

Eye Care Leaders, which offers an ophthalmology-specific EMR solution, experienced unauthorized access to its myCare Integrity system in December 2021. Since ECL began notifying impacted organizations of the breach, organizations have been steadily contributing reports to HHS’ Office for Civil Rights (OCR) data breach portal. The hack compromised data of millions of patients.

The types of information that have been exposed included patient names, dates of birth, medical record numbers, health insurance information, Social Security numbers, and information regarding the care received at the affected eye care practices. The breach was confined to the myCare Identity solution.

April 22, 2022: Theft of Member Data Reported in ADA Ransomware Attack

ADA suffered a cyberattack that forced them to take affected systems offline. Online services were inaccessible, including the ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice Transitions. As a result the cyberattack also affected state dental associations who rely on ADA's online services to register an account or pay dues, such as those in New York, Virginia, and Florida,

Black Basta has claimed responsibility for the attack, and soon after begun leaking approximately 2.8 GB of data, including W2 forms, NDAs, accounting spreadsheets, and information on ADA members, which the threat actors claimed to be 30% of the data stolen in the attack.

June 28, 2022: Baton Rouge General Hit by Cyberattack

General Medical Center had to switch to paper record-keeping after a cyberattack brought its EHR system offline June 28, WAFB reported. "First, and most importantly, the attack has not changed our ability to care for patients," the hospital said in a statement to the TV station posted June 29. "We are continuing to provide patient care at all locations." The medical center added that it is working with state and federal authorities and its security vendors to ensure patient data remains private. Baton Rouge General didn't respond to requests from Becker's for updates.

March 7, 2022: Cyberattack at Shields Healthcare Group Compromises Personal Medical Data of Millions of Patients

Shields Health Care Group reported a healthcare cyberattack to HHS impacting 2 million individuals. The Massachusetts-based healthcare group provides MRI, PET/CT, and ambulatory surgical services to patients across New England at more than 30 locations.

According to a notice on Shields’ website, the organization discovered suspicious activity on its network on March 28, 2022. Shields immediately launched an investigation and took steps to contain the incident. The investigation revealed that an unknown actor gained access to certain Shields systems from March 7 to March 21. The unknown actor also acquired certain data from the systems.

June 30, 2022: Georgia Hospital Takes Computer Systems Offline – Continues to Provide Care.

A cyberattack on Jack Hughston Memorial Hospital has led the Georgia hospital to pull certain systems offline and operate under electronic health record procedures, local news outlets reported Wednesday. It’s unclear the type of attack behind the network outage. Patient care has not been interrupted. At this stage of the investigation, it is unclear if, and to what extent, patient information has been compromised.

Pin It on Pinterest

Scroll to Top