Idaho Hospitals Divert Ambulances and Clinic Temporarily Closes Due to Cyberattack
Mountain View Hospital, Idaho Falls Community Hospital, and several clinics in rural Idaho run by the same operator have been affected by a recent cyberattack. The decision was taken to temporarily close one of the clinics – Mountain View RediCare – while the attack is remediated. All other clinics have remained open but are offering reduced services.
The cyberattack was detected on Memorial Day, and ambulances were diverted to other hospitals as a precaution. The diversion remained in place through Wednesday due to continuing network issues caused by the attack; however, the hospitals remained open with staff manually recording patient information. A spokesperson for Idaho Falls Community Hospital said patient safety has been the priority and work is continuing around the clock to restore access to computer systems and its systems are cleaned.
The forensic investigation revealed hackers had access to IT systems between April 17, 2023, and May 29, 2023, and during that time, files containing patient information were accessed and removed. The files contained information such as names, contact information, demographic information, dates of birth, medical record numbers, patient account numbers, diagnosis and treatment information, prescription information, provider names, dates of service, facilities of service, and health insurance information. A limited number of patients also had Social Security numbers and/or driver’s license stolen. Those individuals have been offered complimentary credit monitoring and identity theft protection services. Mountain View Hospital sent notification letters to 1,043 individuals on July 3, 2023
UI Community Home Care Suffers Ransomware Attack
UI Community Home Care, a subsidiary of the University of Iowa Health System, has recently reported a security incident to the HHS’ Office for Civil Rights that resulted in the exposure and possible theft of the protected health information of 67,897 patients.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The security breach was detected on March 23, 2023, when files were discovered to have been encrypted, preventing access. The forensic investigation confirmed there had been unauthorized access to files on its servers that started on or around March 23, 2023, and some of those files contained patient information. The electronic medical record system is separate from the affected servers and was not accessed in the attack.
The information potentially compromised varied from patient to patient and may have included name in combination with one or more of the following: date of birth, address, phone number, medical record number, referring physician, dates of service, health insurance information, billing and claims information, medical history information, and diagnosis/treatment information. At the time of issuing notifications, UI Community Home Care was unaware of any misuse of patient data. Security oversight efforts have been strengthened in response to the incident to prevent similar events from occurring in the future.
Grant Regional Health Center Notifies Patients About Email Account Compromise
Grant Regional Health Center in Lancaster, WI, has notified 4,135 patients about a breach of an employee email account. The notification letters do not state when the breach was detected but explain that the forensic investigation confirmed that the email account was subjected to unauthorized access between March 20, 2023, and March 24, 2023.
The review of the emails and attachments in the account was completed on May 9, 2023, and confirmed that patient names had been exposed along with one or more of the following data elements: date of birth, financial account information, medical information, health insurance information, Taxpayer ID number, and Social Security number. Grant Regional Health Center said no actual or attempted misuse of patient data has been detected. Email security has been enhanced to prevent similar breaches in the future.