The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Idaho Hospitals Divert Ambulances and Clinic Temporarily Closes Due to Cyberattack

Mountain View Hospital, Idaho Falls Community Hospital, and several clinics in rural Idaho run by the same operator have been affected by a recent cyberattack. The decision was taken to temporarily close one of the clinics – Mountain View RediCare – while the attack is remediated. All other clinics have remained open but are offering reduced services.

The cyberattack was detected on Memorial Day, and ambulances were diverted to other hospitals as a precaution. The diversion remained in place through Wednesday due to continuing network issues caused by the attack; however, the hospitals remained open with staff manually recording patient information. A spokesperson for Idaho Falls Community Hospital said patient safety has been the priority and work is continuing around the clock to restore access to computer systems and clean its systems.

The forensic investigation revealed hackers had access to IT systems between April 17, 2023, and May 29, 2023, and during that time, files containing patient information were accessed and removed. The files contained information such as names, contact information, demographic information, dates of birth, medical record numbers, patient account numbers, diagnosis and treatment information, prescription information, provider names, dates of service, facilities of service, and health insurance information. A limited number of patients also had Social Security numbers and/or driver’s license numbers stolen. Those individuals have been offered complimentary credit monitoring and identity theft protection services. Mountain View Hospital sent notification letters to 1,043 individuals on July 3, 2023.

UI Community Home Care Suffers Ransomware Attack

UI Community Home Care, a subsidiary of the University of Iowa Health System, has recently reported a security incident to the HHS’ Office for Civil Rights that resulted in the exposure and possible theft of the protected health information of 67,897 patients.

The security breach was detected on March 23, 2023, when files were discovered to have been encrypted, preventing access. The forensic investigation confirmed there had been unauthorized access to files on its servers that started on or around March 23, 2023, and some of those files contained patient information. The electronic medical record system is separate from the affected servers and was not accessed in the attack.

The information potentially compromised varied from patient to patient and may have included name in combination with one or more of the following: date of birth, address, phone number, medical record number, referring physician, dates of service, health insurance information, billing and claims information, medical history information, and diagnosis/treatment information. At the time of issuing notifications, UI Community Home Care was unaware of any misuse of patient data. Security oversight efforts have been strengthened in response to the incident to prevent similar events from occurring in the future.

Grant Regional Health Center Notifies Patients About Email Account Compromise

Grant Regional Health Center in Lancaster, WI, has notified 4,135 patients about a breach of an employee email account. The notification letters do not state when the breach was detected but explain that the forensic investigation confirmed that the email account was subjected to unauthorized access between March 20, 2023, and March 24, 2023.

The review of the emails and attachments in the account was completed on May 9, 2023, and confirmed that patient names had been exposed along with one or more of the following data elements: date of birth, financial account information, medical information, health insurance information, Taxpayer ID number, and Social Security number. Grant Regional Health Center said no actual or attempted misuse of patient data has been detected. Email security has been enhanced to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com.
