Malware Attacks on Squirrel Hill Health Center and La Clinica de la Raza and Laptop Theft at Woolfson Eye Institute

La Clinica de la Raza based in Oakland, CA is notifying a number of patients with regards to a likely compromise of their protected health information (PHI). The company detected the malware on its systems that contain patient information on January 28, 2021.

The health center engaged a third-party forensics firm to help investigate the malware attack and confirmed on February 26, 2021 that because of the malware, the attacker could have accessed files that contain patient data. However, the breach covered only a short time, because the malware was installed and became active only on January 12, 2021.

In the short stretch of time that the malware was activated it’s possible that unauthorized persons viewed documents, however, the center is convinced that only a few documents were accessed. Those files contained full names, birth dates, telephone numbers, home addresses, medical insurance data, and selected health data like dates of service, diagnosis, test results data, and treatment details associated with medical services given at the medical clinic.

Actions have been implemented to enhance data protection, such as boosting its attack detection and prevention process, protecting login credentials, giving more employees training, and employing other threat prevention procedures. The breach report sent to the HHS’ Office for Civil Rights indicates that the breach affected 31132 individuals.

Malware Possibly Allowed Cybercriminals to Access the PHI of Squirrel Hill Health Center Patients

Squirrel Hill Health Center located in Pittsburg, PA has found malware installed on its computer system that might have given cybercriminals access to documents that contain patients’ PHI. The provider identified the security breach on February 4, 2021 upon detecting suspicious activity on its computer system that hampered file access.

Third-party computer forensic experts investigated the breach and confirmed that unauthorized people acquired access to its networks on January 28, 2021 possibly until February 4, 2021. Although it is usual in attacks like this that sensitive data are exfiltrated, Squirrel Hill Health Center did not see any evidence that indicates actual or attempted misuse of personal information.

Analysis of the files that were possibly accessed showed they included names, addresses, birth dates, diagnostic codes, some appointment scheduling information, and, for some people, Social Security numbers. The malware attack impacted 23,869 people.

Guidelines, procedures, and operations associated with the safe-keeping of and access to patient data are under review and will be modified, as needed, to enhance security.

Laptop Containing Patient Data Stolen from Woolfson Eye Institute

Woolfson Eye Institute located in Atlanta, GA has reported the theft of a laptop computer associated with medical testing equipment on September 21, 2020. Analysis of the laptop contents confirmed it held patient data such as names and birth dates. There was no compromise of other information. The institute reported the theft to law enforcement, however, the laptop computer hasn’t been brought back.

Because of the limited data contained in the laptop, it is believed that patients are not in danger of identity theft and fraud however vigilance is still advised.