SouthEast Eye Specialist (SEES) Group located in Franklin, TN, is contacting 13,000 patients to make them aware that some of their protected health information has been exposed due to a recent phishing attack.
It is no obvious from the SEES Group’s substitute breach notice when the phishing attacktook place, but on November 1, 2019, SEES Group determined patient information was included in email accounts that were accessed by unknown people.
The breach was first noticed when the IT department found suspicious activity in some employee email accounts. A third-party computer forensics firm was hired to help with the investigation and determine whether any emails or email attachments including patient information had been viewed or copied by the hackers.
The investigation found no proof to suggest that patient information was viewed or obtained by unauthorized people, but it was not possible to rule out the possibility that patient information had been compromised.
Am in-depth analysis of all emails in the affected accounts showed they contained information on patients including names, treatment information, and Social Security information.
SEES Group is now reconsidering its information security policies and processes and email security will be augmented to prevent similar incidents from occurring going forward.
2,008 Patients Made Aware of btyDental Ransomware Attack
btyDental, a group of dental practices based in Anchorage, AK, is contacting 2,008 patients to make them aware of a ransomware attack that involved some of their protected health information.
Ransomware was downloaded to some of its servers on or around November 17, 2019. The servers included patients’ X-ray images along with their names. The servers included no other protected health information, which was stored in systems not impacted by the attack.
Steps were quickly put in place to restore the affected servers and third-party IT consultants were retained to help with the investigation. Nothing was found to suggest any patient images were accessed or obtained by the hackers.
btyDental has overlooked its security policies and procedures and has taken steps to stop similar attacks from occurring in the future and will continue to evaluate the security of its systems and put in place the newest security measures.