Theft Incident at SAC Health and Ransomware Attacks on Bryan County Ambulance Authority and Lifespan Services

Social Action Community Health System (SAC Health) has lately informed 149,940 patients regarding the theft of files comprising their protected health information (PHI) during a break-in at an off-site storage area that store patient records.

SAC Health uncovered the break-in on March 4, 2022. The following investigation confirmed on April 22, 2022 the theft of 6 boxes of paper files from the storage area, which contained files associated with patients helped by SAC Health in 1997 and from 2006 to 2020.

A review was done to figure out which types of data were contained in the files and confirmed the documents might have contained details like names, addresses, birth dates, and diagnosis codes. SAC Health mailed breach notification letters to those people on May 3, 2022. According to SAC Health, it has not received information of any actual or attempted improper use of patient files because of the break-in; nonetheless, as a safety measure against identity theft and fraud, the provider provided complimentary credit monitoring services to impacted persons. SAC Health stated it is reviewing its guidelines and procedures regarding the storage of paper records.

14,000 Individuals Impacted by Bryan County Ambulance Authority Ransomware Attack

The Bryan County Ambulance Authority based in Oklahoma has just begun sending notifications to 14,273 individuals regarding the compromise and likely theft of some of their PHI. It was mentioned in the notification letters that the provider detected the attack on November 24, 2021 and that the files stored in its systems had been encrypted. Quick action was undertaken to avoid further illegal access, and third-party cybersecurity experts were involved to help with the forensic evaluation.

The breach notice doesn’t tell what types of data were taken in the attack however, nevertheless, it says impacted individuals have received a no-cost membership to an identity theft protection service. Based on the notice, the forensic investigation and document analysis just finished on April 7, 2022, therefore the late release of notification letters to affected persons.

Lifespan Services Experiences Ransomware Attack

Lifespan Services based in Charlotte, NC, a not-for-profit company providing services to persons with disabilities, has lately reported it encountered a ransomware attack that impacted information on its servers. The ransomware attack happened on April 12, 2022, and immediate action was done to protect its systems.

Lifespan stated it can restore all encrypted information 24 hours after the cyberattack, however, the forensic investigation affirmed on May 3, 2022, that the people responsible for the attack got access to files that contain patients’ personal data, like names, Medicaid numbers, Social Security numbers, bank routing numbers, and driver’s license numbers.

Lifespan stated several levels of security were set up, and extra security steps have already been applied. The 8,006 persons affected by the breach received a free one-year membership to identity theft protection services.