Jefferson Surgical Clinic Reports June 2021 Data Breach with 174,769 Individuals Affected

Jefferson Surgical Clinic in Roanoke, VA has started informing patients concerning the potential compromise of some of their protected health information (PHI) because of a cyberattack that was discovered on June 5, 2021.

As per the breach notification letter sent to the Maine Attorney General, the attacker obtained access to sections of the network that held patient data like names, Social Security numbers, dates of birth, and medical and treatment data. Jefferson Surgical Clinic quickly informed the FBI regarding the breach and employed third-party cybersecurity and forensics professionals to support the investigation.

The investigation found no information that indicates any patient details were or will be improperly used due to the data breach; nonetheless, as a preventative measure against identity theft and fraud, the health care provider has provided impacted persons free credit monitoring and identity theft protection services for one year.

The Maine Attorney General was advised that the areas of the system viewed by the hacker comprised the protected health information of 174,769 people and that names or various personal identifiers were acquired combined with Social Security numbers. Jefferson Surgical Clinic didn’t give any explanation as to the reason why it took 7 months to mail notifications to patients and government bodies.

10,438 People Impacted by Ransomware Attack on Nonprofit Provider

A New Leaf, Inc. in Broken Arrow, OK is a nonprofit service provider to people having developmental problems, has begun informing 10,438 persons concerning the potential exposure of some of their PHI at the time of a ransomware attack last March 2021.

Since the encryption of files on its network, A New Leaf, Inc., noticed the attack on March 30, 2021. Aided by a prominent cybersecurity agency, A New Leaf found out that before file encryption, the attacker exfiltrated a number of files from its system.

At the outset, as a result of the character of the breach and the affected systems, it was thought that no PHI was exposed, nevertheless, the investigation showed on June 23, 2021, that a number of documents were obtained by the hackers contained personal information and PHI. Manual analysis was performed to find out what details were acquired and where the impacted individuals lived. That analysis was done on October 11, 2021, and A New Leaf mailed notification letters to affected persons on December 30, 2021.

A New Leaf has given the impacted people complimentary membership to Experian IdentityWorks Credit 3B’s identity theft protection and credit monitoring services for two years.