A Blackbaud ransomware attack breached the data of 657,392 donors to Northern Light Health Foundation and other entities; malware, a phishing incident, and another ransomware attack complete this week’s breach roundup.
August 18, 2020 - A ransomware attack on healthcare business associate Blackbaud compromised the data from 657,392 donors, potential donors, and patients who support the Northern Light Health Foundation, among others, as well as thousands of other nonprofits, healthcare systems, and hospitals.
Blackbaud is a cloud computing vendor for a host of nonprofits, foundations, corporations, education institutions, healthcare entities, and change agents.
On May 14, the vendor was hit with a ransomware attack. The cybersecurity team was able to stop the attack on May 20 with assistance from law enforcement and an outside forensics team. Blackbaud was able to successfully prevent the hacker from fully encrypting files and blocked access to the system.
However, the attackers were able to remove a copy of a subset of data from Blackbaud’s self-hosted environment before the team was able to lock the hackers out of the system. The vendor did pay the ransom demand “with confirmation that the copy they removed had been destroyed.”
“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly,” Blackbaud officials said in a statement.
The incident impacted Blackbaud’s self-hosted environment, not its public cloud solutions. Further, the hacker did not access credit card information, bank account information, or Social Security numbers.
Blackbaud recently began notifying some of its customers, which included Northern Light and the Children’s Hospital of Pittsburgh Foundation.
For Northern Light, the impacted databases included data from donors, potential donors, patients who support the foundation’s healthcare mission, fundraising event attendees, and community members with relationships with the foundation.
Northern Light Health maintains its EHR separate from the foundation. The entity is working with Blackbaud to identify the impacted parties and the types of information accessed by the threat actor.
Notably, the Children’s Hospital of Pittsburgh Foundation notification detailed the event as occurring between February 7 and May 20, 2020. The compromised data included constituents’ demographic details, including names, addresses, or birthdates.
BEHAVIORAL HEALTH NETWORK MALWARE ATTACK
A malware attack on Massachusetts-based Behavioral Health Network (BHN) potentially compromised the data of 129,571 patients.
Several BHN systems were infected with malware that blocked access to its files on May 28. Upon discovery, BHN launched an investigation, with assistance from a third-party IT team and a forensics investigator, to determine the scope of the incident and secure the network.
The investigation determined a hacker deployed malware that disrupted the operation of some BHN systems, gaining access between May 26 and May 28, 2020, which allowed them to potentially access some patient files. Officials said they could not determine the specific information accessed by the hackers and are notifying all current and former patients out of an abundance of caution.
The potentially compromised data could include patient names, contact details, dates of birth, Social Security numbers, diagnoses, treatments, and/or health insurance claim information. All patients will receive a year of free credit monitoring and identity protection services.
BHN is currently reviewing existing security policies and procedures and will implement additional safeguards. Employees will also receive additional privacy and security training.
PHISHING ATTACK ON UNIVERSITY OF MARYLAND FACULTY PHYSICIANS
About 33,896 University of Maryland Faculty Physicians, Inc. (FPI) patients are just now being notified that their data was potentially breached during a phishing attack in February. FPI is the faculty practice plan for the physician practice groups of the University of Maryland School of Medicine.
The phishing attack impacted one employee email account, which contained both FPI and UMMC patient health information. Upon discovery, the account was secured.
The provider concluded its investigation into the security incident on May 26, but the attack occurred for five days between February 6 and February 11. Under HIPAA, covered entities are required to send notifications 60 days after a breach is discovered – not at the conclusion of the investigation.
As an example, Ohio-based Premier Health Partners recently announced it experienced a hack on its email accounts. While the provider has not yet determined the impacted information, Premier notified patients of a potential breach as they continued to investigate during the 60-day period.
For FPI, the impacted email account contained personal and protected health information, such as names, dates of birth, medical record numbers, and clinical data. Some Social Security numbers were also compromised.
FPI is currently reviewing its email policies and procedures and bolstering its email security.
20K PATIENTS IMPACTED BY OWENS EAR CENTER RANSOMWARE ATTACK
Nearly 20,000 patients have been notified that their data was potentially compromised after a ransomware attack on Owens Ear Center in Texas.
The attack occurred on May 28, encrypting data on its computer systems and its EHR system. Officials said it appears the attackers were only seeking financial gain and not the data on its systems. However, patients are being notified their data was encrypted during the attack.
The encrypted patient data was stored in the impacted EHR and included names, contact details, dates of birth, Social Security numbers, medical insurance and other health information. Officials said they have since updated the center’s security.
By Jessica Davis - HEALTH IT SECURITY