Illinois Gastroenterology Group just reported that unauthorized people obtained access to its computer system and possibly accessed and exfiltrated sensitive patient data. The group detected the cyberattack on October 22, 2021 due to suspicious activity seen in its computer system.
Third-party cybersecurity experts were employed to inspect the attack and find out the nature and extent of the attack. On November 18, 2021, Illinois Gastroenterology found out that the segments of its network that the unauthorized people accessed comprised patient details like names, addresses, birth dates, driver’s license numbers, passport numbers, Social Security numbers, financial account details, payment card data, employer-assigned ID numbers, medical details, and biometric information.
Illinois Gastroenterology mentioned it was not possible to exclude unauthorized access or stealing of files that contain patient records, nevertheless when sending notification letters, there was no information gotten that indicate any bogus misuse of the affected information. The assessment of the affected files was finished on March 22, 2022, and notification letters were already delivered to impacted persons.
Because of the breach, policies and processes in connection with network protection were evaluated and enhanced, the enactment of an upgraded managed Security Operations Center was sped up, and multi-factor authentication was enforced. Though the security breach wasn’t affirmed as concerning ransomware, Illinois Gastroenterology stated a new endpoint detection and response system was used that has policies activated especially for ransomware.
The data breach report was lately filed with the HHS’ Office for Civil Rights as impacting around 227,943 patients.
Information of Mental Health Center of Greater Manchester Patients Compromised
The Mental Health Center of Greater Manchester (MHCGM) located in New Hampshire reported that patient information was likely breached during a cyberattack at the Center for Life Management (CLM), a third-party community mental health provider partner, that was utilized for information storage.
On February 21, 2022, an unauthorized person gained access to CLM’s systems. CLM discovered the attack on February 23, 2022, and promptly protected its systems to avoid continuing unauthorized access. The breach simply affected CLM’s networks and the safety of MHCGM’s systems wasn’t impacted.
CLM inspected the occurrence and it was proven on April 11, 2022 that the hackers most likely viewed and copied files comprising patient data including names, addresses, dates of birth, Social Security numbers, diagnoses, medical data, discharge details, and treatment areas and/or healthcare companies.
There was no proof discovered that suggests unauthorized individuals accessed or acquired any particular data because of the attack; nonetheless, affected people were provided one year of free credit monitoring. MHCGM mentioned it is not utilizing CLM any longer for data storage and is taking away all information from CLM’s systems.
The HHS’ Office for Civil Rights breach site reveals that 1,322 MHCGM patients were impacted.