This month, more than 114,000 individuals may have experienced personally identifiable information and protected health information exposures from these incidents, while an email marketing hack is a new source for phishing attacks.

Medication adherence platform mscripts breached

On January 17, mscripts, a cloud-based mobile pharmacy platform that focuses on patient engagement and medication adherence solutions, reported to the U.S. Department of Health and Human Services unauthorized access/disclosure that involved protected health information of 66,372 individuals, according to the Office for Civil Rights cases under investigation list.

The San Francisco-based platform, owned by Dublin, Ohio-based Cardinal Health, uses interactive SMS messaging and branded mobile apps to provide dosage and refill reminders and other prescription management functions. 

It has partnerships across the healthcare space and customers include retailers like Kmart and Wegmans, and providers like Intermountain Healthcare, Banner Health and the Henry Ford Health System.

Mscripts and Cardinal Health have not posted data breach notices to their websites.

The mscripts privacy policy on Henry Ford's website indicates that PII, as well as PHI, may be collected by mscripts from users and their pharmacies. 

Diligent Corporation announced PII compromised, exposed UCHealth data

According to a UCHealth announcement posted to its website January 17, "Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files."

The Colorado-based healthcare provider noted that electronic medical records and email systems were not part of the breach, but "some of UCHealth’s patient, provider or employee data may have been included in this incident." 

UCHealth reported to OCR that 48,879 individuals were affected by the hacking incident, according to the agency.

The medical provider said the stolen data may have included:

• Name.
• Address.
• Date of birth.
• Treatment-related information.
• Social Security numbers.
• Other financial information.

Mailchimp's second social engineering attack, CloudSEK reports leaked API keys

Mailchimp announced on its website that on January 11 it identified an unauthorized actor had compromised administration tools and accessed 133 accounts, exposing customer data, through a second social engineering attack on the company in six months. 

The email marketing service provider temporarily suspended those accounts to protect user data. 

Mailchimp was first breached in April 2022, and threat actors were able to view around 300 user accounts and obtain audience data from 102 of them, as reported by the chief information security officer to the HHS cybersecurity program. 

As a result, HC3 warned healthcare organizations of phishing campaigns leveraged by the email marketing platform. 

While it is not a HIPAA-covered entity with a business associate agreement, a number of medical practice management applications integrate with Mailchimp, and a number of mail marketing service providers for doctors and providers work with Malchimp, Constant Contact and other email marketing platforms.

In the previous social engineering attack in August, Mailchimp specified that the 214 accounts affected were largely cryptocurrency and finance organizations.

However, DigitalOcean, a large cloud provider across industries, including healthcare, confirmed its clients had been affected by malicious password resets, and the provider migrated email services away from the platform.

Also, CloudSEK's BeVigil research team released a December report that API keys for Mailchimp, along with Mailgun and Sendgrid, had been leaked, potentially allowing threat actors access to email conversations and potentially sensitive information.

"An API key leak in Mailchimp would allow a threat actor to read conversations, fetch customer information, expose email lists of multiple campaigns containing [PII], authorize third-party applications connected to a MailChimp account, manipulate promo codes and start a fake campaign and send emails on behalf of the company," according to Business Standard's coverage of the report.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.