The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Atlantic General Hospital Increases Ransomware Victim Count to Almost 140,000 Individuals

Posted By on Jun 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

The attack was detected on January 29, 2023, and the forensic investigation confirmed hackers had access to its network between January 20 and January 29, 2023. The initial review of files that were potentially compromised in the breach was completed on March 6, 2023, and confirmed that names, medical record numbers, treating/referring physician names, health insurance information, subscriber numbers, medical history information, and diagnosis/treatment information may have been accessed or acquired. Notification letters were sent on March 24, 2023, and complimentary credit and identity monitoring services were offered to affected individuals.

The investigation into the attack continued, and additional files were discovered to have been compromised. The review of those files was completed on May 15, 2023, and after obtaining up-to-date contact information, additional notification letters were sent to affected individuals on June 22, 2023. The compromised information included names in combination with one or more of the following: Social Security number, date of birth, financial account information, medical/treatment information, and health insurance information. Those individuals have also been offered complimentary credit and identity monitoring services. Atlantic General Hospital says it is working on implementing additional safeguards to improve data security and has provided further training to its workforce.

Palomar Health Patients Impacted by PharMerica Ransomware Attack

Palomar Health in San Diego, CA, has recently confirmed that patient data was exposed in a ransomware attack on its business associate, PharMerica, a nationwide provider of pharmacy services. The ransomware attack was detected on or around March 14, 2023, and the forensic investigation confirmed that at least 5,815,591 individuals had been affected. The attack was conducted by the Money Message ransomware group, which added the stolen data to its leak site in late March. The attack has been covered in more detail here.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Palomar Health has confirmed that the following data was potentially compromised in the attack: name, address, date of birth, Social Security number, medications, and health insurance information. Individuals affected received care at Palomar Continuing Care Center in Escondido or The Villas at Poway (Villa Pomerado) between 2001 and 2020. PharMerica is offering complimentary credit and identity theft monitoring services to the affected individuals and is issuing notification letters to patients directly. It is currently unclear how many Palomar Health patients have been affected.

Desert Physicians Management Cyberattack Affects Patients of its Healthcare Provider Clients

Desert Physicians Management in Apple Valley, CA, a provider of administrative support services to physicians’ groups, including Choice Physicians Network/Choice Medical Group, Choice Healthcare Associates, and Horizon Valley Medical Group, has recently announced that unauthorized individuals gained access to its computer systems and copied certain files from its network.

The security breach was detected on April 23, 2023, and the forensic investigation confirmed on or around May 18, 2023, that some of the files acquired by the attackers included protected health information provided by its healthcare provider clients. The compromised information was limited to names, addresses, dates of birth, health insurance information, and clinical information, including diagnosis, treatment information, and/or medication information. Desert Physicians Management said additional security measures have been implemented to help prevent similar incidents from occurring in the future.

The breach was recently reported to the HHS’ Office for Civil Rights as affecting 56,556 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist