Cyberattacks on The Kennedy Collective, Palomar Health Medical Group and Georgia Institute for Plastic Surgery

Patient and Employee Information Compromised in The Kennedy Collective Phishing Attack

The Kennedy Collective in Trumbull, CT, a disability services provider formerly known as The Kennedy Center, has experienced a phishing attack that compromised patient and employee information. An employee opened a phishing email and disclosed their credentials, which allowed the attacker to access the employee’s email account. The account is now secured; however, a review of the emails and file attachments in the account showed they included personal medical data and, for some individuals, Social Security numbers and driver’s license details.

The breach report submitted to the HHS’ Office for Civil Rights indicates that the protected health information (PHI) of 851 persons was impacted. It is uncertain how many workers were impacted. All victims were notified by mail, and those whose Social Security numbers were affected were provided free credit monitoring services. The Kennedy Collective has taken the steps necessary to enhance email security and has given employees extra HIPAA training about phishing.

Potential Cyberattack on Palomar Health Medical Group

Palomar Health Medical Group, a company offering primary and specialty healthcare in North San Diego County, CA, is investigating a potential cyberattack after discovering suspicious activity inside its computer system on May 5, 2024. The impacted systems were disconnected from the web to contain any malware.

Because of the breach response protocols, the patient website, telephones, and faxes are inaccessible. With the majority of communication systems unavailable, patients were instructed to visit their doctors in person, and slowdowns are expected because of the interruption. Third-party cybersecurity experts were engaged to investigate the incident and determine the cause of the interruption. Systems will be brought back online once it is safe to do so. At this point in the investigation, it is too soon to say whether patient information was exposed.

The incident seems to be limited to Palomar Health Medical Group. The Palomar Health Healthcare District, including Palomar Medical Center Escondido and Palomar Medical Center Poway, was not impacted.

The Georgia Institute for Plastic Surgery Cyberattack

The Georgia Institute for Plastic Surgery, based in Savannah, GA, has informed 8,111 current and former patients about the potential theft of some of their PHI by an unauthorized person who gained access to a network server on December 30, 2023. The attack was discovered on or about February 22, 2024. A third-party cybersecurity company reported that the attacker used a remote desktop to access the server.

The server stored files that contained patients’ full names, birth dates, addresses, telephone numbers, procedure codes, and/or diagnosis codes. Individual notification letters were sent to those persons on April 24, 2024, and they were told what to do to reduce the risk of misuse of their information.

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.
