One Brooklyn Health Notifies Patients About November 2022 Cyberattack
One Brooklyn Health System, which operates three hospitals in Brooklyn, NY, has started notifying patients affected by a November 19, 2022, cyberattack. One Brooklyn Health made a public announcement in late November confirming that it was dealing with a cyberattack, and said it had shut down IT systems to contain the incident and had launched an investigation into the breach. Those systems remained offline for more than a week.
In late January, One Brooklyn Health confirmed that patient data had been compromised, and the attackers had access to information such as names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions, health insurance information, and Social Security numbers. The review of the affected files was a time-consuming process, which took until March 21, 2023, to complete. Contact information then needed to be verified to allow breach notification letters to be mailed. One Brooklyn Health said it started mailing notification letters to affected patients on April 20, 2023.
One Brooklyn Health said the investigation revealed hackers had access to parts of its network between July 9, 2022, and November 19, 2022, and accessed data intermittently over that period. The incident is still showing the 500-record placeholder on the HHS’ Office for Civil Rights breach portal but has now been reported to the Maine Attorney General as affecting 235,251 individuals. One Brooklyn Health said it has reviewed and updated its policies and training protocols relating to data protection in response to the attack.
16,000 Patients Affected by Southwest Healthcare Services Cyberattack
Southwest Healthcare Services in North Dakota has recently started notifying 15,996 individuals about a recent cyberattack and data breach. Southwest Healthcare Services did not state when the breach was detected in its notification letters but explained that prompt action was taken when the incident was detected and third-party cybersecurity professionals were engaged to analyze the incident. On January 31, 2023, Southwest Healthcare Services learned that an unauthorized third party accessed and acquired files between October 28 and 29, 2022, and those files contained patient data.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
A review of those files confirmed they contained names, addresses, dates of birth, medical record numbers, other internal identification numbers, driver’s license numbers, state ID numbers, clinical and treatment information, and health insurance information. A limited number of patients also had their Social Security numbers, financial account information, and/or payment card information compromised. Notification letters were mailed to affected individuals on March 31, 2023. Individuals who had their Social Security numbers exposed have been offered complimentary credit monitoring and identity theft protection services.