The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

Posted By on May 17, 2022

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access. An investigation was launched to determine the nature and scope of the attack and to allow its network and systems to be restored. The investigation confirmed that unauthorized individuals had accessed its network between March 9 and March 11, 2022, and potentially viewed and exfiltrated files from its systems.

It was not possible to determine which files had been viewed or removed from its systems, nor the exact number of files that had been accessed or exfiltrated. Notification letters have therefore been sent to all individuals potentially affected. The review of the files revealed they mostly contained protected health information such as names, addresses, medical information, and/or health insurance information. A limited number of individuals have also had their Social Security numbers, driver’s license information, and/or financial account or credit card information exposed.

NuLife Med said it is currently reviewing records to try to determine which individuals have had information beyond medical and/or health insurance information impacted, and additional notifications will be sent to those individuals when the breach investigation has concluded. NuLife said no reports have been received to date to indicate any patient information has been misused.

The data breach has been reported to the HHS’ Office for Civil Rights as affecting 81,244 individuals. In Late July, a second breach was reported as affecting 3,805 individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Ransomware Attack Affects 28,000 FPS Medical Center Patients

FPS Medical Center in Lake Havasu City, AZ, has recently announced it was the victim of a malware incident that encrypted files on its network. The security breach was detected on March 3, 2022, with the subsequent investigation determining its systems were first breached on February 28, 2022. Unauthorized access was blocked on March 3, 2022.

A forensic investigation was conducted to determine whether patient information was accessed or exfiltrated, but it was not possible to tell if any files had been viewed or downloaded, although the possibility of unauthorized access and data theft could not be ruled out.

A review was conducted of all files on the parts of the network that were affected, which concluded on April 25, 2022. The files contained full names, addresses, birth dates driver’s license information, medical information such as treatment and diagnosis information, health insurance information, and limited Social Security numbers.

Notification letters have now been sent to the 28,024 patients whose protected health information has potentially been compromised. FPS Medical Center said it is reviewing its policies and procedures and will implement additional administrative and technical safeguards to further secure the information in its systems.

Schneck Medical Center Announces Cyberattack and Data Theft Incident

Schneck Medical Center in Seymour, IN, has started notifying certain patients that some of their protected health information was contained in files that were exfiltrated from its systems.

The medical center did not state in its notification whether the security incident was detected but said an extensive forensic investigation and manual document review were conducted which determined on March 17, 2022, that files had been exfiltrated from its systems on or around September 29, 2021.

The files contained names along with one or more of the following data types: Address, date of birth, medical record number, other internal identification numbers, driver’s license/state identification numbers, medical diagnosis, and conditions information, and health insurance/claims information. The files also contained limited Social Security numbers, financial account information, and payment card information.

Schneck Medical Center said no evidence was found to indicate any actual or attempted misuse of patient data; however, as a precaution, individuals potentially at risk have been offered complimentary credit monitoring services. Notification letters were sent to affected individuals on May 13, 2022.

A review has been conducted of its security systems, policies, and procedures, and additional security measures are being implemented to prevent similar incidents in the future.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 92,311 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist