From Russian hackers targeting hospitals for patient data to third-party vendor data breaches affecting numerous health systems, here are 11 cybersecurity incidents that Becker's has reported on since Aug. 1.
- Albuquerque, N.M.-based First Choice Community Healthcare's technological environment experienced a data breach that compromised patients' protected health information.
- A data breach involving printing and mailing vendor OneTouchPoint affected more than 37 healthcare organizations. Among the affected organizations were Kaiser Permanente, Geisinger, Health First, UPMC Health Plan, Humana, Anthem and several other Blue Cross Blue Shield affiliates.
- On Aug. 1 Lewiston-based Central Maine Medical Center reported that a cyberattack compromised the protected health information of 11,938 patients.
- A St. Albans, Vt.-based Northwestern Medical Center employee had accessed its EHR without authorization to obtain the protected health information of patients.
- Tacoma, Wash.-based MultiCare Health System has been affected by a data breach that targeted third-party post-acute care company Avamere Health Services. The hacker removed data from 18,614 beneficiaries of MultiCare's Bundled Payment for Care Improvement Advanced program.
- Spring Hill, Fla.-based surgical center Florida Springs Surgery Center became a target of a phishing attack after an unauthorized third party accessed an employee's Microsoft Outlook email account. The hacker was able to compromise the information of 2,203 patients from the attack.
- A data breach at revenue cycle management company Conifer Revenue Cycle Solutions, compromised patients' protected health information at San Antonio, Texas-based Baptist Medical Center; Brownsville, Texas-based Valley Baptist Medical Center; Harlingen, Texas-based Valley Baptist Medical Center; El Paso, Texas-based The Hospitals of Providence Memorial Campus and New Braunfels, Texas-based Resolute Health Hospital.
- On Aug. 12 Novant Health said a promotional campaign involving Facebook advertisements and a Meta tracking pixel compromised the protected health information of 3 million patients. The tracking tool, which was intended to help Novant Health track the campaign's success, ended up allowing certain private information to be transmitted to Facebook's parent company Meta from the Novant Health website and MyChart patient portal.
- United Health Centers of the San Joaquin Valley on Aug. 12 said the health center experienced an "encryption event" that caused technical difficulties and computer disruptions at its facility. The center later determined that documents with personal and medical information were stolen between Aug. 24 to Aug.28.
- Texas-based Methodist McKinney Hospital, Methodist Allen Surgical Center and Methodist Craig Ranch Surgical Center were the target of an alleged data breach by Russian hackers known as the Karakurt gang. The hackers boasted on the dark web about acquiring 367 gigabytes of data from Methodist McKinney Hospital, Methodist Allen Surgical Center and Methodist Craig Ranch Surgical Center.
- Twenty-eight hospitals and physician offices were affected by a data breach involving medical billing vendor Practice Resources. Some of the hospitals include Crouse Hospital in Syracuse, N.Y., and physician practices for Penn Yan, N.Y.-based Soldiers & Sailors Memorial Hospital.