Cyberattacks Reported by SysInformation Healthcare Services and Jackson Medical Center

Cyberattack on SysInformation Healthcare Services

SysInformation Healthcare Services (SysInformation) based in Austin, TX, also known as EqualizeRCM and 1st Credentialing, provides revenue cycle assistance to medical billing providers and hospitals. It encountered a cyberattack that resulted in a network breakdown. SysInformation discovered suspicious activity in its network in June 2023. IT systems were made secure, and third-party forensics professionals investigated the attack. The investigation confirmed the unauthorized access to its system from June 3, 2023 to June 18, 2023, and the extraction of some files.

SysInformation stated that an investigation was done to find out the types of data involved and the people impacted. Notification letters were sent to the impacted persons on April 17, 2024. The types of information compromised differed from person to person and might have included at least one of these data: name, birth date, employer ID number, driver’s license number, electronic signature, financial account data, medical insurance data, medical history/treatment details, login data, mother’s maiden name, government-issued ID number, passport details, tax ID number and/or Social Security number.

Free credit monitoring services were provided to the impacted persons, security guidelines and protocols were reviewed, and extra safety measures were applied to stop the same incidents later. The breach report was submitted to HHS’ Office for Civil Rights but the incident is not yet posted on its breach portal. The number of affected individuals is still not certain.

509 Patients Affected by Cyberattack on Jackson Medical Center 

Jackson Medical Center based in Alabama has advised 509 patients concerning the exposure of their protected health information (PHI) in a cyberattack that impacted the accessibility of parts of its IT systems. The attack was identified on February 22, 2024. Third-party forensics professionals investigated the incident and affirmed the unauthorized access to its network by a third party between February 17, 2024 to February 22, 2024. At that time, files were accessed or erased from its network.

An evaluation of the affected files confirmed on March 8, 2024 that they stored patients’ PHI, which includes names and one or more of these data elements: contact data, dates of birth, driver’s license or state ID numbers, diagnoses, treatment details, and/or health insurance details. Notification letters were mailed to the impacted persons and complimentary identity monitoring services were offered to patients whose driver’s license numbers, state ID numbers, or Social Security numbers were likely affected. Jackson Medical Center said more technical and safety measures were implemented to safeguard further and monitor its systems.

Cyberattack on Blackstone Valley Community Health Center 

Blackstone Valley Community Health Center based in Pawtucket, RI  reported a cyberattack that happened on November 11, 2023 resulting in a disruption of its computer system. After securing the network, third-party cybersecurity professionals investigated the reason for the network issue and learned that an unauthorized third party acquired access to its system.

The analysis of the compromised files was finished on March 11, 2024, and showed that they included patient information such as names, medical data, and Social Security numbers. Breach notification letters were sent to the impacted persons on April 18, 2024. The victims were provided single bureau monitoring, credit score services, and credit reporting for free. Its network security was improved to stop identical breaches later. The breach report was submitted to the Maine Attorney General stating that up to 34,416 persons were affected.