7 health systems affected by data breaches in the last 30 days

From a third-party data breach to phishing schemes that compromised employee email accounts, here are seven health systems that have been affected by a cybersecurity incident since Oct. 27:

  1. Ann Arbor-based Michigan Medicine notified 33,850 patients that some of their personal health information may have been compromised because of a phishing scheme that targeted employees' email accounts. On Aug. 23, the health system learned that hackers were targeting its employees with a phishing scheme in which the hackers lured employees to a webpage designed to get them to enter their Michigan Medicine login information. Four employees entered their login information and accepted the multifactor authentication prompts, which allowed the hackers to gain access to their Michigan Medicine email accounts.

  2. Tift Regional Health System notified patients about an August data breach that may have compromised the protected health information of 500 patients. On Aug. 16, the Tifton, Ga.-based health system discovered suspicious activity on some of its systems and began disabling the network to secure and restore the systems. An investigation into the incident determined that an unauthorized user had gained access to and may have copied files from the systems between Aug. 11 and Aug. 17.

  3. Brunswick, Ga.-based Ascension St. Vincent's Coastal Cardiology's legacy systems were encrypted by ransomware. On Aug. 15, the practice learned that a "security event" had caused ransomware to be deployed on its legacy systems. An investigation into the incident revealed that an unauthorized user gained access to systems within the legacy Coastal Cardiology network, used by Ascension to retain data, including patient information, to meet regulatory requirements.

  4. Houston-based St. Luke's Health notified patients about a third-party data breach at consulting services vendor Adelanto Healthcare Ventures that resulted in the protected health information of 16,906 patients to be compromised. On Sept. 1, the vendor notified St. Luke's that two of its employee email accounts were compromised by an unknown party on Nov. 5, 2021.

  5. New York City-based NewYork-Presbyterian Hospital said an unauthorized third party gained access to employee laptops, potentially exposing the data of about 12,000 patients. On Sept. 8, the medical center discovered suspicious activity on one of its servers, blocking possible attempts by an unauthorized user to download information. While reviewing the incident, NewYork-Presbyterian discovered a hacker had used a cloud-based, remote IT customer support program to access several employee laptops, copying and removing desktop files from some of them.

  6. Lake Charles (La.) Memorial Health System learned that patient information was stolen from its computer systems after an unauthorized party gained access to its computer network. The health system said it is still working on determining how many patients were affected and what kind of information was taken.

  7. On Nov. 10, Banning, Calif.-based San Gorgonio Memorial Hospital's IT operations were disrupted by a cybersecurity incident.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars