Winter Haven Hospital Patients’ Data Impermissibly Disclosed
BayCare’s Winter Haven Hospital based in Florida is notifying patients concerning an email incident that impermissibly disclosed patient information. On March 15, 2024, a worker made an error while sending forms to a patient by attaching a cardiac rehabilitation department file by mistake to the email that included patient information. The file contained patient names, birth dates, the procedure needing cardiac rehabilitation, date of service, and, in certain instances, telephone numbers and/or email addresses.
The hospital quickly discovered the mistake and called the patient who agreed to delete the sent record. Winter Haven Hospital believes there are no issues in deleting the file and there won’t be any misuse of the disclosed data. Notification letters were sent to the impacted persons on May 8, 2024. Winter Haven Hospital stated it has undertaken corrective actions to stop the same issues later, including putting extra access security to the record. The incident reported was submitted to government bodies, though it is not yet published on the HHS’ Office for Civil Rights breach website. Therefore, the number of affected individuals is still uncertain.
Prudential Insurance Company of America February Ransomware Attack
The Prudential Insurance Company of America has lately submitted a breach report to the HHS’ Office for Civil Rights and State Attorneys General that indicated the effect on the personal data and PHI of 36,092 persons. The hacking incident was initially submitted in a Securities and Exchange Commission (SEC) filing last February. The incident permitted access to administrative user information and worker and contractor accounts. The incident happened on February 4 and was discovered the next day.
Third-party cybersecurity experts helped investigate and discover that a small number of files were extracted from its system. Prudential reported that the files contained names, driver’s license numbers, addresses, and non-driver ID numbers. Prudential has affirmed that the hacker’s access to the system has been blocked. Access controls and security standards are being improved, and extra tracking technologies were applied. The impacted persons were informed by mail and provided free credit monitoring and identity theft protection services.
The impacted persons should use those services. The Blackcat ransomware group professed to be responsible for the cyberattack and listed Prudential on its data leak website. The Blackcat group was likewise behind the cyberattack on Change Healthcare. That incident showed that paying the ransom doesn’t guarantee that the stolen information will be deleted.
Ransomware Attack on West Idaho Orthopedics and Sports Medicine
West Idaho Orthopedics and Sports Medicine, which manages orthopedic centers in Meridian, Fruitland, and Caldwell, ID, has reported a ransomware attack in March. The healthcare provider discovered the attack on March 15, 2024, and secured the systems immediately to stop more unauthorized access. The provider’s investigation established that the attackers extracted files from its system before deploying ransomware. The extracted files might have included patient information.
The analysis of those files confirmed the potential theft of names, birth dates, email addresses, home addresses, phone numbers, medical data, and insurance details of around 5,000 patients. The cyberattack was reported to authorities and government bodies, and the impacted persons are being informed by mail. West Idaho Orthopedics and Sports Medicine stated it is taking the necessary action to enhance security and stop identical incidents later.