Dickinson County Health, Michigan Medicine and Passavant Memorial Homes Security Breaches

Dickinson County Health based in Michigan has encountered a malware attack that resulted in its EHR system to be taken offline. The attack has obligated the health system to use EHR downtime approaches and write patient details utilizing pen and paper. The attack began on October 17, 2020 and hampered computer systems at all its Michigan and Wisconsin clinics and hospitals.

Systems were turned off to restrict the malware and third-party security professionals were called in to check out the breach and fix its systems and records. Though the attack prompted major interruption, nearly all patient services stayed entirely operational. It is at the moment unknown whether or not the attackers accessed or stole patient information.

DCHS CEO Chuck Nelson said that the issue is considered as the company’s highest priority. Industry guidelines and intensive security procedures are being carried out. Throughout the investigation, the company preserved the high quality of patient care all through tbeir system.

Email Addresses of Michigan Medicine Patients Exposed Because of Email Error

Michigan Medicine in Ann Arbor-M has commenced informing 1,062 patients concerning the potential viewing of their names, email addresses, and certain health data by unauthorized persons.

Michigan Medicine dispatched an email message last September to individuals informing them regarding a case of Inflammatory bowel Disease. However, Michigan Medicine did not put the patients’ email addresses on the blind carbon copy (BCC) field and could for this reason be found by all other people on the lists.

The email had no highly sensitive details, nevertheless, it might still be feasible to find out the names of patients through their email addresses together with the email identified persons as battling against inflammatory bowel disease.

Upon receiving word about the error, Michigan Medicine mailed different notifications to all persons on their list telling them concerning the problem and advising them to remove the very first email. Letters were likewise delivered to impacted people on October 16. Michigan Medicine has now altered its techniques for emailing patients to avert the same issues down the road.

25,000 Persons Potentially Affected by Passavant Memorial Homes Security Breach

Passavant Memorial Homes Family of Services (PMHFOS) in Pennsylvania offers support services for persons with mental problems, autism, and behavioral health requirements. A security breach occurred at PMHFOS and the protected health information (PHI) of its customers were possibly exposed.

The security breach took place on August 15, 2020. By using the contact page on PMHFOS’ site, an unauthorized person messaged an authorized user stating that his/her username and password were acquired and allowed access to its systems. The communication informed PMHFOS about the vulnerability and the person stated there was no malicious action undertaken.

An independent computer forensics professional looked into the breach and affirmed there was no malware downloaded and no information was encrypted; nevertheless, it was impossible to find out whether there was any individually identifiable information viewed or exfiltrated. Scans were made on the dark web to find out if any client data were released, nevertheless, there was no record. An analysis of the accessed systems showed they comprised the PHI of 25,000 people.

Due to the breach, PMHFOS shutdown the unsecured account, carried out an organization-wide password reset, gave extra security awareness training to the personnel, and updated its network security procedures. PMHFOS also used two-factor authentication. The police officers and PMHFOS’ cyber insurance company already got a breach report.