Weekly Cybersecurity Recap June 23
Table of Contents
- By Steven
- Jun 23, 2023
Healthcare services offered by the government and private agencies took a serious hit this week with breaches against Johns Hopkins, Essen Health Care, Atrium Health at Wake Forest, and the Idaho Department of Health and Welfare. Patients lost a significant amount of both personal and health information in this breach as a result. The Bank of NY Mellon was also a breach victim this week. Read below for the details.
Johns Hopkins, one of the oldest operating teaching hospitals in the United States, was recently the victim of a data breach. The hospital lost data in the MOVEit file transfer service breach launched by the C10p ransomware gang. Personal data for staff members, students, and patients were lost in the breach. The data was lost in May of this year, and investigations are still trying to determine the full extent of lost information, though we suspect Social Security Numbers and other personally identifiable information to be lost.
Essen Health Care
Essen Health Care, a large medical group serving patients in NYC as well as Staten Island, Long Island, and Westchester County, suffered a data breach between March 14 and March 22, 2023. During that time, a substantial amount of personal data was taken, including Social Security Numbers and government IDs, and protected health information was taken as well. See the official notice about the breach to learn more, and watch for a letter to see if you're involved.
Bank of NY Mellon
The Bank of NY Mellon, one of the largest custodian banks in the world, was the victim of a data breach in May of 2023. This breach gave an attacker access to the Social Security numbers and names of many of the victims involved. The Bank of NY Mellon notified the Massachusetts Attorney General on May 13, 2023, and sent individual letters to the people that may have been involved.
Atrium Health Wake Forest
Atrium Health is a significant healthcare services provider at Wake Forest that serves surrounding North Carolina citizens. The organization suffered from a data breach that began as a phishing campaign against company employees. The eventual breach started on April 18 and lasted until April 20, 2023. Anyone exposed by this breach may have had their Social Security numbers, hospital account records, health insurance data, and birth dates exposed. Atrium Health quickly put out a press release explaining details about this breach and sent out individual notices to anyone involved.
Idaho Department of Health and Welfare
On April 18, 2023, the officials at the Idaho Department of Health and Welfare (DHW) detected an intrusion into one of their Medicaid healthcare provider systems. The attacker that invaded the system gained access to the data of more than 2,501 patients. Among this data, there were the full names of the patients and their billing codes, member identification numbers, and dates of the services they received. The incident was quickly reported to the FBI, and individual notices were mailed to the victims on June 9, 2023. Free credit and identity theft monitoring services are available to any Medicaid patient identified as a victim of this breach.