Two hospital systems began notifying patients and employees
of cyber incidents, one ransomware and another a data breach, that took place
in June.
Grays Harbor Community Hospital (GHCH) and Harbor Medical
Group, in Aberdeen, Wash., just began informing patients of a ransomware attack
that took place on June 15. At that time hospital databases containing patient
health information were encrypted and GHCH was presented with a ransom demand.
GCCH said in a statement that much of the encrypted data has been recovered,
but some is irretrievable.
The information contained in the affected databases included
the patient’s full name, date of birth, Social Security number, phone number,
home address, insurance, and medical record information, including diagnosis
and treatment.
“GHCH and HMG have no reasonable basis to believe that any
personal information has been transmitted outside of GHCH’s or HMG’s databases,”
the hospital said.
The data breach hit the Naples, Fla.-based, NCH Healthcare
System on June 14 when dozens of hospital employees fell for a phishing scam
that gave the malicious actors access to the facilities payroll system. The
Naples News reported 73 were victimized by the phishing email
NCH officials said in a statement that once the issue was
discovered an outside firm was hired to investigate and on July 2 that company
determined that it was in fact a phishing scheme that gave entry to the
attackers.
“The investigation determined the unauthorized actor could
have accessed data present in the email accounts at the time the incident
occurred,” NCH said.
The hospital is waiting for the investigation to be
completed before it releases the personal information that may or may not have
been involved. However, at this time NCH officials do not believe the information
involved has been misused.
