HealthCare Data Breaches Impact Northwestern Memorial Hospital, Apex Laboratory, & Five Points Eye Care

In Chicago, Northwestern Memorial Hospital has revealed that a previously employed contract staff member may have illegally accessed the medical records of a range of patients working at the clinic.

This HIPAA breach was initially identified on December 2, 2020. Following an investigation of the access logs, it was discovered that the temporary staff member viewed patient records despite not having a valid work reason for doing so. The breaches took place between October 27, 2020 and December 2, 2020, and the range of data that may have been accessed includes patient names, addresses, and treatment history. It was also possible to rule out any access to financial information or Social Security numbers. This incident is typical of many that involve a member of staff breaching HIPAA rules, on purpose or inadvertently, and further highlights the need for HIPAA training to be conducted for all members of staff on an ongoing basis.

Northwestern Memorial Hospital released an official statement in relation to the privacy breach, revealing that the records of 682 patients may have been accessed and confirming that the temporary worker no longer works at the health center. No further details have been uncovered as to why the records were accessed at all. All impacted individuals are being alerted about the privacy breach via mail, and the incident has been made known to the appropriate agencies.

DoppelPaymer Ransomware Attack Targets Apex Laboratory

Apex Laboratory, a provider of home laboratory services in the New York metropolitan area and South Florida, was impacted by a DoppelPaymer ransomware attack during July 2020. It has been revealed that thousands of files were uploaded to the data leak website managed by the DoppelPaymer ransomware gang, a large number of which are suspected to include the protected health information of patients and sensitive employee information.

The dumped data was removed from the DoppelPaymer leak site after Apex Laboratory was made aware of the breach. In a December 31, 2020 breach notice published on the Apex Laboratory website, it was made public that a ransomware attack took place on July 25, 2020 and that the encrypted data was retrieved on July 27, 2020.

The data published on the leak website is thought to have been stolen during the July cyberattack. Apex Laboratory confirmed that, once the incident was discovered, steps were quickly implemented to ensure the hackers deleted the data from the leak site. The dumped data is thought to have included patient names, birth dates, test results, and a limited number of phone numbers and Social Security details. The review into the breach is ongoing, and breach notification letters will be mailed to victims in the coming days and weeks.

Potential Breach of Patient Data Reported by Athens Optometrist

Five Points Eye Care in Athens, GA has become aware that an unauthorized person obtained access to its network and may have viewed/obtained patient data. The breach took place on October 27, 2020 and was detected and addressed later that day.

The breach was restricted to the email servers, which only held correspondence shared with the optometrist from other treating medics. Those emails included names, dates of birth, Social Security information, addresses, medications, and treatment programmes. A forensic review showed that no other information could have been stolen.

The security breach was made known to law enforcement agencies and impacted individuals have been made aware of it via mail and given the chance to avail of 12 months of free credit monitoring services.