The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

A round-up of data breaches that have recently been reported to the HHS’ Office for Civil Rights, state Attorneys General, and the media.

242,986 Patients Had PHI Compromised in Cyberattack on Bienville Orthopaedic Specialists

Bienville Orthopaedic Specialists in Gautier, MS, has reported a data breach to the Maine Attorney General that has affected up to 242,986 patients. A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023. The threat actor acquired files from its systems on March 4, 2023.

The review of the affected files was completed on July 31, 2023, and it was determined that names and Social Security numbers had been compromised. Additional technical safeguards have now been implemented to prevent similar incidents in the future. Credit monitoring services are being offered to the affected individuals for 12 months at no cost.

Just Kids Dental Suffers Ransomware Attack

Acadia Health, LLC, doing business as Just Kids Dental, has started notifying 129,463 patients that some of their protected health information was stolen in an August 2, 2023, ransomware attack. The incident was detected on August 8, 2023, after files were encrypted. Some of those files contained patient and employee information and were exfiltrated by the attacker prior to encryption.

The types of information involved varied from individual to individual. For patients, the affected information included name, address, email, phone number(s), birth date, Social Security number, driver’s license number, health insurance policy information, treatment information including radiographic images, medical record number, account number, and health conditions. Parents/guardians of patients had the following information compromised: name, address, email, phone number(s), birth date, Social Security number, driver’s license number, and health insurance policy information. The exposed employee information included name, Social Security number, and local state and federal licensing information (NPI, DEA, and State licensing numbers).

Just Kids Dental said the malicious actor behind the attack confirmed that the stolen data has been deleted and that no information had been further disclosed. Just Kids Dental does not expect there to be any data misuse; however, affected individuals have been advised to monitor their account statements for suspicious or unauthorized activity.

Email Accounts Compromised at Associates in Pediatric Dentistry

Associates in Pediatric Dentistry in Louisiana recently announced that unauthorized individuals gained access to certain employee email accounts that contained patient information. The email account breach was detected on August 25, 2023; however, the forensic investigation revealed the email accounts had been accessed 7 months previously, between January 27, 2023, and February 8, 2023.

The review of the email accounts was completed on June 28, 2023, and confirmed they contained the protected health information of 9,703 patients, including names, addresses, contact information, dates of birth, treatment and diagnosis information, dates of treatment, provider names, costs of treatment, and/or health insurance information. Additional safeguards and technical security measures have now been implemented to prevent similar incidents in the future.

North Mississippi Health Services Shuts Down Phishing Attack in 17 Minutes

North Mississippi Health Services in Tupelo has recently confirmed that unauthorized individuals gained access to an employee’s email account after the employee responded to a phishing email. The email account breach was detected on July 3, 2023, and was immediately remediated. The threat actor only had access to the account for 17 minutes. While the window of opportunity for data theft was short, it is possible that some of the emails and attachments in the account were downloaded. The review of the account confirmed it contained the following types of information: names, dates of birth, primary physicians’ names, and diagnoses or dispositions upon recent discharge from North Mississippi Medical Center-Tupelo.

North Mississippi Health Services has found no evidence to suggest any patient data was misused and said policies and procedures are being reviewed and employee education about phishing is being strengthened. 950 patients had their protected health information exposed as a result of the attack.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
