Oregon Healthcare Provider Suffers Employee Email Data Breach

  • By Steven
  • Dec 13, 2023

Oregon Healthcare Data Breach

In Oregon, the Neuromusculoskeletal Center of the Cascades and Cascade Surgicenter collectively are “The Center.” The professionals that work there are highly trained doctors from many fields, including physiatry, occupational medicine, neurosurgical, and orthopedic care. The Center serves central Oregon at three stand-alone clinics and rural treatment at six shared clinics. Many Oregonians may receive a letter from The Center in the upcoming weeks—they’ve had a significant patient data breach.

How Did the Attack Occur? 

There is little public knowledge about the event or how the assailants made it possible; according to the Notice of Data Incident published on The Center’s website, the event stemmed from employee emails. Purportedly, an unauthorized party accessed multiple employee email accounts, and those accounts contained some patient information. How the assailants accessed the accounts is unclear, as there is no indication of human error or malicious thieving. 

What Information Was Viewed or Stolen? 

The data accessed in this event will have significant consequences for its owners. The information differs between individuals, and not all elements may have exposures in the event; the exposures include full names, birthdays, Social Security Numbers, addresses, phone numbers, email addresses, driver’s license and state ID numbers, financial account information including account numbers, some routing numbers, the financial institution’s name, plus credit/debit card information, and medical information including diagnosis/treatment details, provider name, prescription information, medical record numbers, Medicare or Medicaid ID numbers, specific health insurance information, treatment costs, and digital signatures. Those with data exposed in this event must take action to protect themselves and their future.

How Did the Neuromusculoskeletal Center of the Cascades Admit to the Breach? 

According to the breach notice, the unauthorized actor accessed the employee email accounts between October 2nd and 3rd, 2023. On October 3rd, Center officials noticed suspicious activity within an email, pushing them to launch investigations. On or around November 21st, they completed the review and began to notify the necessary parties. On or around December 1st, The Center published its website notice; this same day, they submitted a breach filing to the Department of Health and Human Services. On December 12th, their filing appeared on the DHHS website. 

What Will Become of the Stolen Information? 

It’s challenging, if not impossible, to determine what will happen to the accessed information. However, because the event was not ransomware, the assailants may sell or misuse the data to generate a profit. On the dark web, criminals can sell records in single or bulk transactions, with costs ranging up to hundreds. Conversely, if the bad actors seek further system vulnerabilities, they may misuse the data in impersonation plots. Most likely, either the threat actors or their associates will use the information in fraudulent events; this may put data owners in the crosshairs of the law. 

What Should Affected Parties Do in the Aftermath of the Breach? 

First, those impacted by this breach should secure their accounts. They should update and change their passwords to complex, multi-symboled passcodes, preferably maintained within a password generator. In addition, those who can change the information associated with them should consider doing so; in cases of financial exposures, consider opening new accounts with new numbers and cards. 
However, those with unchangeable elements should invest in monitoring services and consistently check their accounts. Particularly in medical information exposures, they should closely review all statements from their providers and ensure the services rendered are correct. Although this event happened in October, victims still have time to protect themselves and their futures.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Cementitious Vendor—CGM—Network Compromised by 315k Data Breach

Cementitious Vendor—CGM—Network Compromised by 315k Data Breach

Based in Philadelphia, Pennsylvania, CGM is a nationwide cementitious vendor for industries and construction projects. They are a leader in manufacturing, labeling, and distributing custom cement and patching products.

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia.

Oklahoma’s Largest Non-Profit Health System Breached; 2.3 Million Exposures

Oklahoma’s Largest Non-Profit Health System Breached; 2.3 Million Exposures

INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close