Cyberattack Reported by Fellowship Community, Michigan Medicine and Charlotte Radiology

Bible Fellowship Church Homes, Inc. doing business as Fellowship Community based in Whitehall, PA, has just announced a cyberattack it discovered on August 6, 2021. Digital forensics specialists investigated the incident and confirmed that unauthorized people acquired systems access on July 31, 2021, and likely viewed and obtained sensitive data.

An analysis of the files on the impacted systems was performed, which concluded on February 1, 2022. After confirming the contact details, Fellowship Community issued breach notifications. The attackers possibly acquired names, birth dates, financial account numbers, Social Security numbers, medical data, and/or medical insurance details. Fellowship Community did not find any evidence that suggests the misuse of any persons’ data.

The HHS’ Office for Civil Rights received a breach report indicating that 3,500 individuals were affected.

Michigan Medicine Reports Breaches Impacting More than 3,000 Individuals

Michigan Medicine based in Ann Arbor, MI began informing 2,920 patients regarding an email account breach. After somebody responded to a phishing email, an attacker was able to access an employee’s email account and use it for doing more phishing attacks.

A representative from Michigan Medicine stated the attacker accessed the email account on December 23, 2021, however, the unauthorized access was only discovered on January 6, 2022, because the employee saw suspicious email activity. The hospital conducted a thorough analysis of emails to find out which patients’ data were compromised. That process was concluded on February 15, 2022.

The data in the email account differed from one patient to another and involved names, addresses, dates of birth, diagnostic and treatment data, medical record numbers, and medical insurance details. There was no exposure of any financial data or Social Security numbers.

Michigan Medicine has additionally informed 269 patients about the unauthorized access to some of their protected health information (PHI) by a newly hired worker. The breach was discovered on January 27, 2022. The breach investigation confirmed that the unauthorized access happened from January 12, 2022 to January 25, 2022. The breach seems to be a snooping case. The previous worker had connections with the nearby Korean community and the records looked at were part of that community. The previous worker viewed demographic and clinical details, which include diagnoses, treatment data, and test findings, and was dismissed from work because of the HIPAA violation.

Charlotte Radiology Reports a Cyberattack and Patient Data Theft

Charlotte Radiology based in North Carolina has reported the theft of patient data during a cyberattack that resulted in the compromise of its systems from December 17, 2021 to December 24, 2021.

A forensics agency was hired to look into the breach and find out the extent and severity of the breach. The investigation affirmed the exfiltration of files from its systems, which contained the PHI of a small number of people such as names, addresses, dates of birth, medical insurance data, patient account numbers, medical record numbers, date(s) of service, doctor name(s), diagnoses and/or treatment data related to radiology services.

Charlotte Radiology states the breach impacted a few patients. Those whose Social Security number was compromised or stolen were provided free credit monitoring services. The provider likewise did something to strengthen IT security, systems, and tracking functionality.

 

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA