PHI of Almost 19,000 Individuals Affected by Breaches at Cook Children’s Medical Center, D&S Residential Holdings and City of Lafayette

1,768 Persons Affected by Cook Children’s Medical Center Breach

Cook Children’s Medical Center based in Fort Worth, TX discovered that a box of radiology images stored in a locked storage room was missing. Despite conducting a search for the missing items, Cook Children’s Medical Center did not succeed in locating them. The storage discs contained the protected health information (PHI) which included names, birth dates, medical record numbers, scan types, service dates, and names of physicians.

To view the images, specialist software is necessary. However, some of the PHI may be viewed even with no specialist software. The images belonged to 1,768 people who had hip and spine scans from 2005 to 2014. There is no report received that indicate the misuse of any data contained on the discs. The medical center already notified all the persons affected by the incident.

PHI of 2,102 People Potentially Compromised Due to a D&S Residential Holdings Phishing Attack

D&S Residential Holdings based in Austin, TX has found out about the unauthorized access by an individual to the email accounts of some employees from April 20, 2020 to June 15, 2020 because employees responded to phishing emails.

D&S Residential Holdings carried out a thorough investigation, with the support of a respected computer security company. However, it was not possible to establish if the attackers viewed or stole any information.

An analysis of the employees’ email accounts showed that they contained protected health information. D&S Residential Holdings offered free credit monitoring and identity theft protection services for 12 months to the individuals who had their Social Security numbers compromised in the attack. The breach report sent to the HHS’ Office for Civil Rights showed that the breach affected 2,102 individuals.

15,000 Lafayette Fire Department Ambulance Users Affected by Ransomware Attack

On July 27, 2020, City of Lafayette, CO suffered a ransomware attack that affected its email, telephone, online billing, and reservation systems so that essential systems data was inaccessible. After assessing the cost and advantages of all feasible solutions, the city opted to pay the attackers $45,000 just to steer clear of the big interruption to its online operations.

Before ransomware deployment, it’s possible that the attackers accessed personal information stored on the computer system of Lafayette, including the usernames and passwords of its online service users and the Social Security numbers of city employees. Moreover, the attackers might have obtained the names and the health insurance identification numbers of 15,000 men and women whom the Lafayette Fire Department ambulance transported prior to January 1, 2018.

The city already removed the ransomware and re-established its network servers and computers. It has also deployed crypto-safe backup systems and enforced extra cybersecurity options to block other ransomware attacks.