WEEK OF JUNE 20, 2022
Data for 2 million patients stolen in largest healthcare breach so far of 2022
- Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor, Shields Health Care Group.
- The breach tally makes it the largest healthcare data breach reported so far this year.
- The “suspicious activity” was discovered on the Shields network on March 28, which “may have involved data compromise.” Shields took steps to contain the incident, and an investigation was launched with support from third-party forensic specialists. Law enforcement was also notified.
Extortion gang ransoms Shoprite, largest supermarket chain in Africa
- Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack.
- Last Friday, the company disclosed that they suffered a security incident, warning customers in Eswatini, Namibia, and Zambia, that their personal information might have been compromised due to a cyberattack.
- “Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data,” mentions the firm’s statement.
- “Access to affected areas of the network has also been locked down. The data compromise included names and ID numbers, but no financial information or bank account numbers.”
Another 1.3M patients added to data breach tally of ransomware attack on Eye Care Leaders
- Approximately 1.29 million patients of Texas Tech University Health Sciences Center have been added to the ongoing fallout from the Eye Care Leaders ransomware attack and data theft from December 2021.
- The TTUHSC notice shows the ECL incident compromised a range of patient data, including names, driver’s licenses, emails, genders, dates of birth, medical record numbers, health insurance details, appointment information, Social Security numbers, and medical data tied to services received at the TTUHSC ophthalmology center.
- Upon discovering the hack, ECL shut down the EMR platform and launched an investigation, which could not conclusively rule out access to patient health data.
Martin University announces data breach
- The university says it has been working to contact those affected and are offering credit monitoring and identify remediation services.
- “Our investigation revealed that this network incident may have impacted the personal information of some current, former, and prospective students,” said President Dr. Sean Huddleston. “The university learned that the attackers may have gained access to some of its student’s personal information, although there has been no evidence to suggest that any student information was viewed or misused by the attackers.”
- Despite the breach, the university says courses and instruction were not disrupted and students have been able to continue to attend classes virtually.
Arizona hospital says SSNs of 700,000 people leaked during April ransomware attack
- No ransomware group has publicly claimed credit for the attack yet.
- A major hospital in Yuma, Arizona is sending breach notification letters to more than 700,000 patients after a ransomware attack in April lead to a data breach involving Social Security numbers.
- In letters to victims recently made public, Yuma Regional Medical Center (YRMC) said it discovered a ransomware attack on April 25 and immediately took systems offline before contacting cybersecurity experts and law enforcement.
- “The files contained certain patient information, including names, Social Security numbers, health insurance information and limited medical information relating to care as a YRMC patient.” the organization said.
Data breach at Florida hospitalist group affects more than 19,000 patients
- Central Florida Inpatient Medicine is notifying patients of an email data breach after a cybersecurity incident that affected 19,625 people.
- The account contained patients’ personal and protected health information, including diagnoses and treatment records, and in a limited number of cases, Social Security numbers and financial account information, according to the company.
- The organization said the incident did not affect all of its clients and it has no evidence that any of the data has been misused.