PHI Exposed Due to CyberAttacks on Northwestern Memorial HealthCare, D&S Residential Holdings and Cook Children’s Medical Center

Northwestern Memorial HealthCare has reported the potential exposure of the personal data of persons who donated to Northwestern Memorial HealthCare in the past due to a Blackbaud ransomware attack fairly recently. An unauthorized man or woman first obtained access to the Blackbaud systems on February 7, 2020 and probably had continuing access up to the time the ransomware was deployed on May 20,2020.

Before using the ransomware, the attacker might have got access to a database backup that comprised names, birth dates, gender, age, medical record number, departments of service, dates of service, treating health professionals, and/or some clinical data. The Social Security numbers and/or payment card/financial information of 5 people were furthermore included in the database. Altogether, the data of 55,983 Northwestern Memorial HealthCare donors were possibly exposed in the incident.

Northwestern Memorial HealthCare is going over its third-party database storage providers and its association with Blackbaud in an effort to avert the same data breaches again.

PHI of 2,102 Persons Potentially Exposed Because of a D&S Residential Holdings Phishing Attack

D&S Residential Holdings established in Austin, TX has learned about the unauthorized access by a person to the email accounts of a number of employees between April 20, 2020 and June 15, 2020 after employees clicked links in phishing emails.

D&S Residential Holdings performed a complete investigation, with the help of a top computer security agency. However, it was impossible to ascertain whether or not the attackers accessed or stole any information.

An evaluation of the employees’ email accounts confirmed the inclusion of PHI. D&S Residential Holdings provided complimentary credit monitoring and identity theft protection services for one year to the persons who had their Social Security numbers affected in the attack. The breach report filed with the HHS’ Office for Civil Rights revealed that the breach impacted 2,102 persons.

1,768 People Impacted by Cook Children’s Medical Center Breach

Cook Children’s Medical Center based in Fort Worth, Texas found out that radiology images saved in discs put away in a secured storage space were missing. Even after a thorough search for the missing stuff, Cook Children’s Medical Center could not find them. PHI, such as patient names, birth dates, scan types, medical record numbers, service dates, and names of doctors, was stored in the discs.

To access the images, it is necessary to use specialist software. However, some PHI can be viewed without using specialist software. The hip and spine scanned images of 1,768 patients in 2005 to 2014 were included. There is no evidence found that suggest data misuse. The medical center had already sent notifications to all the people impacted by the incident.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA