Hospitals, pharmacies and dental practices report hacking incidents impact over 355,000 patients
Share this article on:
A hacker gained access to the computer network of BioPlus Specialty Pharmacy Services, based in Altamonte Springs, Florida, and accessed files containing sensitive patient data. The intrusion was detected on November 11, 2021 and action was immediately taken to remove the hacker from its network. Aided by a third-party computer forensics company, BioPlus determined that its computing environment was compromised on October 25, 2021 and that the hacker was removed from its systems on November 11.
The investigation confirmed that files containing protected health information of some patients had been accessed, but it was not possible to rule out the possibility that the hacker had accessed the PHIs of all of his patients. The decision was therefore made to notify the 350,000 current and former patients of the breach.
Files accessible to the hacker included patient names, birth dates, addresses, medical record numbers, current/former health plan member ID numbers, claims information, diagnoses and/or or prescription information. Some patients also had their social security number exposed. Notification letters began being mailed out on December 10, 2021. Patients whose Social Security numbers were exposed were offered free credit monitoring and identity protection services. BioPlus said it has additional safeguards in place to prevent similar violations in the future.
Computer systems still down a week after cyberattack on Capital Region Medical Center
The Capital Region Medical Center (CMRC) in Jefferson City, Missouri has confirmed that it was the victim of a cyberattack that forced the shutdown of its network and telephone systems. The cyberattack was detected on December 17, 2021, and its network and phone system are still offline. The medical center is enforcing its shutdown procedures and patients are being seen, but some appointments have been canceled. The cyberattack also affected pharmacies in the capital region.
“As our Information Security team works diligently to get our systems back online as quickly and securely as possible, nothing is more important to us than the health and safety of our patients and continuing to provide the care our patients have come to expect,” Lindsay Huhman, CRMC’s director of marketing and communications, said in a press release. “There are shutdown procedures in place for doctors, nurses and staff to provide care in these types of situations, and our staff are committed to doing all they can to mitigate disruptions and provide uninterrupted care to our patients.”
5,356 people affected by data breach at Weddell Pediatric Dental Specialists
Weddell Pediatric Dental Specialists in Carmel, IN, began notifying 5,356 people that an unauthorized person gained access to an employee’s email account containing their protected health information.
The email account breach was detected on July 23, 2021 and the account was immediately secured. Aided by third-party cybersecurity professionals, the dental practice confirmed that the breach was limited to an employee email account. Review and analysis of account emails and attachments was completed on October 27, 2021 and revealed that the account contained patient names, as well as one or more of the following data elements: date of birth, medical diagnosis, medical treatment information, financial data, account information and, in some cases, social security numbers.
People whose social security number was exposed were offered free credit monitoring services for 12 months. Weddell pediatric dental specialists said no information had been received indicating that any patient data had been misused.