The Podiatric offices of specialist Bobby Yee were hit by a ransomware attack that potentially tampered the medical records of roughly 24,000 patients.
Ransomware is a specific type of malware that can encrypt files and “hold them hostage”, where the victim has to pay a fee in order to regain access to their files. Choosing not to pay may result in the files being deleted indefinitely.
The compromised data included social security numbers, patient names, dates of birth, health insurance policy details, medical records, phone numbers, addresses and gender. It was stressed by officials that there was no evidence of the data being viewed or extracted. An official statement from Bobby Yee said that no data was compromised and that they might have to reconstruct some medical information for the patients, at worst.
Currently, it’s unknown whether the ransom amount was paid or whether the information was restored from backup drives.
Humana Facing Third Data Breach
An associate of Humana, Bankers Life was able to determine that hackers accessed the system credentials of some employees. For about 4 months, from May 30th till September 13th, the hacker was able to access the site.
After launching an investigation, it was discovered that full details weren’t compromised but birth dates, addresses, names, health insurance policy details and the last four social security digits were stolen. Other financial and social security information was not affected. Steps have been taken to prevent any such mishaps in the future.
This marks the third instance of a data breach affecting Humana. One attack was reported on December 31st that breached data on 684 patients. The second instance affected Humana’s Family Physician Group, compromising 8,400 patients for roughly two weeks.
Chaplaincy Phishing Attack Leaves 1,000 Patient Records Compromised
1,000 patients were notified by Chaplaincy Healthcare regarding their information being potentially breached due to a phishing attack. The attack is still under investigation, but compromised information includes medical records, patient names, etc. Employees have since been given training on how to protect themselves from such attacks in the future. Two-factor authorization has also been implemented as an additional precaution.