Native American Health Center (NAHC) is a nonprofit government-qualified health center that provides services to the local community (American Indians and Alaska Natives) in the California Bay Area. The health center encountered a cybersecurity attack on November 19, 2023. and took immediate action to protect its system disconnecting it from the online world. Third-party cybersecurity specialists helped investigate the attack and confirmed in January that an unauthorized actor accessed patient records. An analysis of the files was done to find out which data was affected.
After the completion of the analysis on May 28, 2024, the Native American Health Center got a listing of the impacted persons and the types of information affected. The exposed patient data included names, birth dates, and health data. The attack did not affect Social Security numbers, but as a safety measure, the impacted persons were provided free Single Bureau Credit Monitoring, report, and score services.
Native American Health Center stated that all logins are already using multifactor authentication. It is currently working on using a system that uses fingerprint scans/badge taps instead of passwords to mitigate the risk of harm. Selected departments are using this system on a trial basis. All hard drives were updated and HIPAA privacy and security checks will be done every year, including the review of policies, procedures, and employee training awareness on cybersecurity, HIPAA certification, and privacy. Access to IT department offices & server rooms will be restricted to physical activity. Buildings and sites equipped with key card access will have restricted access and monitored entry.
The breach report was submitted to OCR but the incident is not yet posted on the HHS’ Office for Civil Rights breach website, thus the number of impacted persons is still uncertain.
