[Ed. note: This piece has been updated to include the latest post from CompuGroup Medical.]
CompuGroup Medical, a medical software vendor, reported that it had been hit with a ransomware attack leading to what the company described as a “technical failure.”
In a notice posted to its website on December 20 at 4:50 p.m. Eastern Time, the company said that the attack affected the availability of some internal services, such as email and phones.
At that point, CompuGroup said it had no indication the attack had impacted customer systems or data – a point it reiterated in a post the next day.
By December 22 at 2:30 p.m. Eastern time, the company said it had made progress in remediating disruptions to services. Over the course of the day, said CompuGroup, it had been able to set up emergency telephone numbers and replacement email addresses for customer support purposes.
Internal systems were also gradually returning to normal.
“The vast majority of our customer systems are up and running. We continue to increase our availability for customer support purposes. Our backup infrastructure is running successfully,” said the company in a post on December 23 at 1:30 p.m. Eastern.
“In the past few hours, we have continued to stabilize our internal systems. We are guided by our defined response plan, which we continue to work through systematically – even during the holidays,” it continued.
On December 27, the company reported that its team members had been able to restore “key components that have been impacted by the attack. In doing so, we continue to execute our business continuity plans.” It noted that it was fully focused on delivering product updates in a timely fashion.
“The availability of our customer systems and data integrity remain our highest priority. We continue to monitor all systems closely and are working with all relevant authorities,” it said.
400K individuals’ information exposed in phishing incident
Monongalia Health System, and its affiliated hospitals, Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company – collectively known as “Mon Health” – have begun notifying individuals that their data may have been compromised in a phishing incident earlier this year.
A breach report to the U.S. Department of Health and Human Services’ Office of Civil Rights said that 398,164 people had been affected.
As outlined in a press release, the West Virginia-based Mon Health first became aware something was amiss in late July, when a vendor reported not receiving a payment.
The health system then launched an investigation, determining that unauthorized individuals had sent emails from a Mon Health contractor’s account in an attempt to obtain funds from Mon Health through fraudulent wire transfers.
Upon the investigation’s conclusion on October 29, Mon Health found that individuals had gained access to several system email accounts between May 10 and August 15.
“Based on its investigation, Mon Health believes the purpose of the unauthorized access to the email accounts was to obtain funds from Mon Health through fraudulent wire transfers and to perpetrate an email phishing scheme, not to access personal information,” said the system in a statement.
“That said, Mon Health cannot rule out the possibility that emails and attachments in the involved Mon Health email accounts containing patient, provider, employee and contractor information may have been accessed as a result of this incident,” it continued.
After a comprehensive search of the email accounts’ contents, Mon Health found information relating to patients and members of Mon Health’s employee health plan that included:
- Medicare Health Insurance Claim Numbers (which could contain Social Security numbers)
- Dates of birth
- Patient account numbers
- Health insurance plan member ID numbers
- Medical record numbers
- Dates of service
- Provider names
- Claims information
- Medical and clinical treatment information
- Status as a current or former Mon Health patient
“To help prevent something like this from happening again, Mon Health is continuing to review and enhance its existing security protocols and practices, including the implementation of multi-factor authentication for remote access to its email system,” said the press release.
A data security incident in Texas
Texas ENT, which operates several locations in the Lone Star State, has also reported a major breach that took place earlier this year.
According to the provider, the data security incident – which affected 535,489 individuals – took place in August 2021.
The system did not discover that the unauthorized access had occurred until October 19.
“With assistance from a third-party cybersecurity firm, we determined that unauthorized parties gained access to our computer systems and took copies of Texas ENT files,” said the provider.
“We carefully reviewed those files and determined they contained patient names, dates of birth, medical record numbers, and procedure codes used for billing purposes. A limited number of files also contained patient Social Security numbers,” Texas ENT continued.
Bad actors did not, however, access the provider’s electronic health records.
“To help prevent something like this from happening again, we are further strengthening our existing privacy and information security program by implementing additional safeguards and technical security measures to protect and monitor our systems,” said Texas ENT.