July 2017 – Cyber Security Summary

The amount of healthcare data breaches in July was off-the-chart.  At 46 breaches, July had the highest number of breaches in 2017!  July accounts for 20.5% of all 2017 healthcare data breaches; to put that in comparison, before July there was an average of 25 breaches per month. The 46 breaches caused 572,678 records to be compromised. Contributing to these breaches were an identity theft scheme, a not-so-average phishing email, a threat that was undetected for over a year and a double attack.

Since the beginning to the year

Since the beginning of 2017, there have been 881 total data breaches causing almost 17 million records to be compromised. Out of those, the healthcare industry accounted for 224 breaches and about 3.5M records compromised. The healthcare industry experience 25.4% of total breaches and 20.8% of records compromised.

Identity-Theft Scheme

10 hard-copy medical records were stolen when a county hospital in Oklahoma’s storage building was broken into.  On Thursday July 20^th local authorities were able to connect the break-in to two individuals, who were arrested in June 2017 for identity theft.  The suspected thief worked for the County Hospital as a licensed practical nurse. It is reported, after leaving the hospital in early 2017, the suspect returned to the hospital to steal personal patient information. The ex-employee and accomplice, were arrested after the discovery of evidence that linked the partners to numerous reported identity thefts totaling over $300,000. The hospital has taken all necessary steps ensure security of the building in the future and is offering the 10 affected patients free credit support.

‘Phishing’ for Cash

In the beginning of July, a university medical center in California reported a breach affecting nearly 15,000 people. Hackers gained access to medical center employees’ accounts through a phishing email. Once they gained access to the accounts, hackers impersonated account owners to send emails to other employees.  The hack was discovered when accounts were used to request large amounts of money. While there is no evidence to show personal information was acquired, the hackers had potential access to personal information such as names, addresses, phone numbers, medical record numbers, diagnoses and SSNs.  The medical center is evaluation its security measures and offering identity and credit protection services to patients who were possibly affected.

15 months undetected

While investigating into a recent ransomware attack a Georgia-based neurological clinic found a 15-month breach.  While the clinic was able to restore all information without paying a ransom, during the process they found that hackers had potential access to names, SSNs, driver’s licenses, addresses, phone numbers, medical data, prescriptions and health insurance information from February 2016 through May 2017. It is unknown if any of this personal information was accessed, but the clinic is offering identity theft protection services to patients affected by the breach.

Double Whammy

A senior living community reported a second ransomware attack on July 5^th. The senior living community, located in Texas, originally reported a breach in May of this year. While investigating into the original attack they found a second ransomware attack. Luckily, the second attack was detected the same day it was discovered and they immediately took action and expanded their investigation to include the scope of the second attack. There is nothing suggesting that hackers accessed personal, but they potentially had access to SSNs, driver’s license numbers, birth dates, addresses, phone numbers, medical record numbers, payment information, health insurance information, and clinical information related to residents.