
Additional 15K added to Eye Care Leaders’ already record-setting breach tally

An Air Force ophthalmologist performs surgery on a patient on September 1, 2022. (Army)

Another 15,000 patients have been added to the breach tally of the Eye Care Leaders ransomware attack from nearly a year ago.

Massengale Eye Care issued a breach notification to patients in late October, informing them that their data had also been compromised in what remains the largest healthcare incident reported this year, at nearly 3.7 million affected patients.

Although mainstream media has recently warned that the CommonSpirit Health cyberattack could affect 20 million patients, the huge health system's financial report this week again stated that it is still investigating and has found no evidence of an impact on patient data. This means that ECL still holds the dubious top position.

As reported, ECL’s EMR was hit by a ransomware attack on December 4, after a threat actor gained access to the platform and deleted databases and system configuration files. Without the data, it was not possible to determine whether the data had been accessed or exfiltrated before deletion.

The compromised data varied by healthcare provider and patient, and for Massengale, the data could include names, contact details, dates of birth, social security numbers, diagnostic data and health insurance information.

ECL has not filed its own breach notice with the Department of Health and Human Services as it defends against a provider-led lawsuit accusing the cloud EMR vendor of covering up additional ransomware incidents deployed earlier this year.

A number of providers affected by those alleged incidents spoke exclusively to SC Media, describing their frustration at the obstruction. The status of the lawsuit was last updated in October, with at least 13 filings to extend the time to respond to the claims and two more filings requesting that the case be dismissed. In these filings, ECL has repeatedly denied these allegations.


The CorrectCare security incident increases to 607,000 people affected

Two more healthcare facilities have filed breach notices with HHS after their medical claims provider, CorrectCare, informed them that their patient data was made public in July due to two misconfigured file databases.

CorrectCare Integrated Health filed three notices with HHS Office for Civil Rights involving 496,589 individuals, while its clients PrimeCare Medical and Mediko sent notices to 22,254 patients and 2,809 individuals, respectively.

Combined with the 85,466 pretrial detainees and prisoners of the Louisiana Department of Public Safety and Corrections, the number of people affected has now reached 607,118.

As previously reported, the reports stem from a security incident first discovered by CorrectCare on July 6. Two file directories on CorrectCare’s web server were accidentally exposed to the public internet and secured within nine hours.

The subsequent forensic investigation determined that the exposed database contained records of patients who had received care from the affected health care providers, as of January 1, 2012. The data included names, SSNs, dates of birth, prisoner numbers, diagnosis codes or CPT codes, names of health care providers and treatment data.

The file folders did not contain driver’s license numbers, financial account information, or financial card information. CorrectCare has since made security improvements to its systems.

Work Health Solutions reports an email hack affecting PHI

Occupational health and safety service provider Work Health Solutions recently informed an undisclosed number of patients that their data was exposed in an email hack more than six months ago.

The notification does not explain when the unauthorized access to the account occurred, only that a single email account was hacked for more than a month between February 16 and March 24 this year. The investigation confirmed on Oct. 11 that patient data was included in the account.


As SC Media has extensively reported, many email-related security incidents are reported well beyond the 60-day requirement of the Health Insurance Portability and Accountability Act due to forensic challenges. HHS recently reminded the sector that timely reporting is required by HIPAA regardless of whether an investigation is ongoing.

For WHS, forensics determined that the account contained patient names, SSNs, driver’s license numbers, health insurance records, and/or medical information. Not all patients were affected by the incident. Patients whose SSNs have been compromised are provided with free credit monitoring services.

Phishing Attack Hits 18K Gateway Ambulatory Surgery Patients

Just over 18,000 patients associated with the Gateway Ambulatory Surgery Center in North Carolina recently learned that their data had been compromised in a phishing attack earlier this year.

The carefully written notice explains that access to two employee email accounts was first discovered in April, sparking a lengthy investigation that was not concluded until September. It’s unclear why the provider waited another two months to notify patients of the privacy breach.

The analysis confirmed that the access came about through a phishing incident, leading to a three-month period of unauthorized access to these accounts between February 14 and May 10 – a month after the initial access was discovered.

Access to the emails and attachments cannot be ruled out, prompting an extensive search of the email content to identify affected patient information. Gateway confirmed that the data may include health insurance enrollment information, health insurance details, medical history, patient account numbers and dates of service. A small set of SSNs and driver’s licenses were also uncovered.


Gateway is currently working to improve its security measures by implementing a new endpoint detection and response system and providing additional employee training.


