Breaches at Alamance Skin Center, Perry County Memorial Hospital and BryLin Behavioral Health

A ransomware attack on Cone Health in Greensboro affected just one practice, Alamance Skin Center in Burlington, NC.

The attack took place in late July 2020. It appeared to have commenced with a phishing attack or brute force attempt targeted at stealing credentials. Cone Health took quick action to separate the impacted systems and called in third-party computer forensics experts to examine the magnitude of the data breach. There was no evidence found that suggests the stealing of patient information prior to file encryption. No report was gotten that indicate the improper use of patient data.

Nonetheless, some patient information was encrypted during the attack and can’t be retrieved. Cone Health accounts that the attack affected the protected health information (PHI) such as patient names, addresses, health record numbers, birth dates, diagnosis details, and date(s) of service.

The attack affected the appointments system and cannot be accessed. Patients having appointments were told to speak to the practice to affirm their scheduled visit. Considering that it wasn’t possible to know with complete assurance that the attackers didn’t gain access to patient data, all impacted patients were instructed to be wary against occurrences of identity theft and fraud.

Alamance Skin Center is examining present policies and procedures and is going to employ supplemental safety measures to avoid similar incidents later on.

Perry County Memorial Hospital Reports Email Security Breach

Perry County Memorial Hospital in Tell City, IN uncovered that unauthorized individuals accessed the email accounts of two employees.

As per the investigation into the incident, the hackers got access to the accounts on August 23, 2020. An evaluation of the breached accounts affirmed that they comprised personal patient information that might have been seen or acquired by the hackers, though there was no proof of theft of data.

The information possibly affected was restricted to names, dates of birth, diagnoses/diagnostic codes, internal patient account numbers, medical provider names, and other health data, together with the Medicare/Medicaid Numbers Social Security Numbers, and medical insurance details of certain patients.

Perry County Memorial Hospital is working on improving email security to avert the same incidents later on. The hospital additionally offered the persons whose Social Security number was likely exposed free membership to identity theft monitoring services.

BryLin Behavioral Health Informs Patients Regarding Potential PHI Exposure

BryLin Behavioral Health System, a mental health and addiction treatment services provider based in Buffalo, NY, is notifying some patients regarding the potential compromise of that some of their PHI due to a cybersecurity breach that happened in August 2020.

BryLin discovered strange network activity on August 19, 2020 and took quick action to protect the network. The investigation of the incident revealed that the breach of its systems occurred on August 14, 2020. Unauthorized persons likely accessed on the compromised systems certain files containing patient names, birth dates, addresses, treatment data and/or clinical data. The Social Security numbers and/or medical insurance data of patients were also compromised in certain cases. The breach just impacted the information of patients who acquired medical services in BryLin hospital. It did not affect patient data from its outpatient clinic, outpatient mental health and outpatient substance use care services.

BryLin already notified all patients impacted by the breach have and offered the 75 patients whose Social Security number were exposed free credit monitoring services.

The number of people affected by the breach is uncertain at this time.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone