Data Breaches Encountered by PracticeMax and UMass Memorial Health

Anthem health plan members who have end-stage kidney disease and are enrolled in the VillageHealth program have been notified that some of their protected health information (PHI) may have been exposed in a ransomware attack.

VillageHealth helps Anthem plan members with care coordination between nephrologists, the dialysis center, and healthcare companies, and shares the outcomes with Anthem through its service provider, PracticeMax.

PracticeMax provides business administration and IT tools to healthcare organizations. It discovered the attack on May 1, 2021. According to the investigation, the attackers gained access to its network on April 17, 2021, and probably retained access until May 5, 2021. PracticeMax stated that it regained access to its IT systems the next day.

Forensic analysis of the attack established that it affected one server that stored protected health information (PHI), and that the attackers may have viewed and acquired that information.

The investigation into the breach concluded on August 19, 2021, and confirmed that the following types of data were compromised: first and last name, address, birth date, telephone number, Anthem member ID number, and medical information related to kidney care services received. No financial data or Social Security numbers were exposed.

PracticeMax says it has assessed its policies and processes and has implemented further security measures to prevent future attacks, such as rebuilding systems, deploying additional endpoint security solutions, and strengthening its firewalls. Affected individuals were provided complimentary credit monitoring services for two years.

UMass Memorial Health Warns Patients About Phishing Attack

UMass Memorial Health has learned that unauthorized individuals gained access to a number of workers' email accounts after the workers responded to phishing emails. The phishing attack was discovered on August 25, 2021, when suspicious activity was seen in its email system.

UMass promptly blocked unauthorized account access and started a forensic investigation with the help of a third-party computer forensics firm. The investigation established that the email accounts were breached from June 24, 2020 to January 7, 2021, and that during that time the attackers had access to PHI stored in the accounts.

Although no evidence was found to suggest that the attackers had viewed or acquired the emails, the possibility cannot be ruled out. An analysis of the PHI in the accounts was finished on August 25, 2021. The breached data consists of names, financial account details, Social Security numbers, and driver's license numbers. UMass Memorial Health said that free credit monitoring and identity theft protection services were provided to affected individuals. UMass Memorial reported that it is strengthening email security and will be retraining staff on email guidelines.

The breach has been reported to the Maine Attorney General as affecting a total of 3,099 individuals across the United States.