PHI Breach Reported by OrthoConnecticut, Green Diamond Resource Company and DocGo

118,000 Patients Impacted by OrthoConnecticut Data Breach

OrthoConnecticut has reported that the protected health information (PHI) of over 118,000 patients was exposed in a cyberattack. OrthoConnecticut is a multi-specialty orthopedic practice based in Danbury, CT that has 9 locations in the area. It recently detected unauthorized access to its network and upon investigation by the forensic team, the unauthorized third party accessed the system from November 24, 2023 to November 28, 2023. During that time, the attacker potentially removed files from the system that contained patients’ sensitive data.

OrthoConnecticut performed a thorough evaluation of all files on the network to know which patients were affected. It was reported on March 27, 2024, that the PHI of 118,141 patients was compromised. The types of information exposed varied from patient to patient and possibly included full names along with one or more of these data: Social Security number, date of birth, and medical data such as doctor’s name, patient account number, lab test data, and patient history. OrthoConnecticut stated it had taken many safety measures before the incident to protect patient information, including continuously checking and modifying its practices and internal controls, and will continue doing so.

Green Diamond Resource Company Cyberattack

Forest products firm, Green Diamond Resource Company, based in Washington, recently submitted a data breach report to the HHS’ Office for Civil Rights about the potential compromise of the PHI of 8,172 persons. On or about June 27, 2023, the company detected suspicious activity in its system, and, assisted by third-party cybersecurity professionals, it was confirmed that the network had unauthorized access from June 26, 2023 to June 27, 2023. The analysis of the impacted files was finished on February 23, 2024. Although no proof was observed to suggest access or theft of sensitive information, these data were compromised: names, birth dates, medical data, medical insurance data, Social Security numbers, financial account details, driver’s license numbers/state ID numbers, passport numbers, government-issued ID numbers, and full access information. Green Diamond Resource Company has checked its guidelines and protocols associated with privacy and security and has applied extra safeguards to stop the same breaches later on.

DocGo Reports Patient Data Theft in a Cyberattack

DocGo, a mobile medical services and transportation provider in 26 states of the U.S. and the U.K., has reported encountering a cyberattack wherein patient information was stolen.

In a report submitted to the US Securities and Exchange Commission (SEC), DocGo mentioned that the cyberattack targeted systems employed for its ambulance transportation service. The breach was immediately controlled, the threat actor was taken out of its network, and a third-party cybersecurity firm is helping with the investigation. The security breach only impacted DocGo’s ambulance transportation business and did not affect any other business lines. DocGo stated the incident did not have a substantial impact on its overall financial state.

The attackers acquired some healthcare data of patients who availed its ambulance service. DocGo is now sending notifications to those affected persons. DocGo hasn’t publicly mentioned how many individuals were impacted nor the types of information exposed during the incident. At this point, no threat actors seem to have professed to be behind the attack.