Get Started Today!  732-747-9373   

Fotolia 68929807 M new

DeckerWright Corporation Blog

The Week In Breach: 11/06/19 - 11/12/19

the week in breach

United States - InterMed

Exploit: Compromised Email Account
InterMed: Maine-Based Physician Group

Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprit. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

United States - Brooklyn Hospital Center

Exploit: Ransomware
Brooklyn Hospital Center: Full-Service Community Teaching Hospital

A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

United States - Utah Valley Eye Clinic

Exploit: Unauthorized Database Access
Utah Valley Eye Clinic: Utah-Based Eye Clinic

A cyber-security vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

The Week In Breach: 11/13/19 - 11/19/19
Security Concern #3 - Physical Security

Mobile? Grab this Article!

Qr Code

Latest Blog

United States - Select Health NetworkExploit: Unauthorized Email Account Access Select Health Network: Indiana-Based Collection of Healthcare ProvidersAn employee’s compromised email account credentials were used to access sensitive data for thousands of patients. ...

Account Login