Here’s your weekly #databreach news roundup:
Entira Family Clinics, Goodwill, City of Grass Valley – California, Siriraj Hospital, Medical Review Institute of America, Comelec, Loyola University Medical Center, Aditya Birla Fashion and Retail, and Fertility Centers of Illinois.
Entira Family Clinics
A Minnesota family medical practice this week began notifying nearly 200,000 individuals that their information had been compromised in a 2020 ransomware attack on cloud hosting and managed services provider Netgain Technology.@healthinfosec #databreach https://t.co/Z5RoRgru9a— DevaOnBreaches (@DevaOnBreaches) January 15, 2022
A Minnesota family medical practice this week began notifying nearly 200,000 individuals that their information had been compromised in a 2020 ransomware attack on cloud hosting and managed services provider Netgain Technology, an incident that also affected several of the vendor’s other clients and hundreds of thousands of their patients.
In a breach report filed Thursday with the Maine attorney general, St. Paul, Minnesota-based Entira Family Clinics says the Netgain incident affected 199,628 individuals, including nine Maine residents.
Entira says patients’ protected health information potentially accessed by “an unknown party” in the incident includes name, address, Social Security number and medical history.
“At this time, Entira does not have any evidence to indicate that any personal information has been or will be misused as a result of this incident,” a notification statement posted on Entira’s website says.
American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform.
ShopGoodwill’s Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability.
Smith added that no payment information was exposed in the incident because ShopGoodwill does not store such data on its servers.
“We were recently alerted to an issue on our website which resulted in the exposure of some of your personal contact information to an unauthorized third party. This contact information includes your first and last name, email address, phone number, and mailing address,” Smith explained.
City of Grass Valley, California
More details concerning an extensive data breach at the City of Grass Valley, California, revealed the information of employees, citizens, and others was copied and transferred to another network.
A statement from the city council previously confirmed that it had experienced “unauthorized access” to its systems between April 13 and July 1, 2021.
An investigation has now determined the extent of the attack, revealing that the malicious actor had transferred files outside of the city’s network, including the financial and personal information of “individuals associated with Grass Valley”.
In what appeared to be the latest breach of the country’s public health sector, around 39 million patient records from Siriraj Hospital in Bangkok have been listed for sale. The hospital is now denying that its database was hacked. #databreachhttps://t.co/wVEEd9Xqh2— DevaOnBreaches (@DevaOnBreaches) January 13, 2022
n what appeared to be the latest breach of the country’s public health sector, around 39 million patient records from Siriraj Hospital in Bangkok have been listed for sale on an internet database-sharing platform, raidforums.com. The hospital is now denying that its database was hacked.
The Bangkok Post reported that the Faculty of Medicine Siriraj Hospital of Mahidol University, which operates Siriraj Hospital, released a statement saying there has been no data leakage from its faculty or any affiliated hospitals, and that the data set listed was not from the hospital’s database.
The post on raidforums.com says a sample file of the data is available, which is said to include names, addresses, Thai IDs, phone numbers, and dates of birth. The uploader, who goes by the username “WraithMax,” wrote that the price of the data is negotiable, and it will only be sold to one customer. The post claimed that the information isn’t just from the public Siriraj Hospital, but also from VIP records from Siriraj’s private hospital located right next door.
Medical Review Institute of America
In a breach report filed with the Maine attorney general on Friday, Salt Lake City, Utah-based Medical Review Institute of America says it was "the victim of a sophisticated cyber incident" discovered on Nov. 9, 2021. #databreach https://t.co/YiLGmVXLkz— DevaOnBreaches (@DevaOnBreaches) January 13, 2022
In a breach report filed with the Maine attorney general on Friday, Salt Lake City, Utah-based Medical Review Institute of America says it was “the victim of a sophisticated cyber incident” discovered on Nov. 9, 2021, that resulted in unauthorized access to its network.
Upon discovery of the incident, MRIoA says it “took immediate steps to stop the threat and understand the full scope of the situation.” This included hiring third-party forensic experts to conduct an investigation, technological remediation efforts, and contacting the FBI to seek assistance with the incident, MRIoA says.
“The forensic investigation recently concluded and found that the unauthorized individual gained access to its systems via a SonicWall vulnerability on Nov. 2, 2021, that has been removed, and MRIoA’s environment has been secured,” says a sample breach notification letter MRIoA provided to the Maine attorney general’s office.
The Commission on Elections (Comelec) is verifying a report that a group of hackers recently breached the poll body’s online servers and downloaded sensitive data that could potentially impact the 2022 polls.
A Manila Bulletin piece published on Monday, January 10, said that hackers were able to enter the Comelec’s system on Saturday, January 8, and downloaded 60 gigabytes’ worth of files that include usernames and personal identification numbers (PINS) of vote-counting machines, which will be used for the 2022 polls.
While the poll body is “validating” whether the Comelec’s systems have been indeed compromised, it expressed doubts about the claims made in the report.
Loyola University Medical Center
Hospitals and outpatient facilities, both large and small, continue to be the targets of healthcare data breaches, placing additional strain on an already overworked sector.
The new year began with the announcement of a protected health information (PHI) breach and data exfiltration at Broward Health, impacting 1.3 million individuals. Clinical data technology vendor Ciox Health recently reported a breach that impacted 32 healthcare organizations across the country.
During the first week of January, Missouri-based Capital Region Medical Center (CRMC) announced that it had made significant progress on restoring its systems after a system-wide network outage that impacted the center’s phone and computer systems. Three weeks later, CRMC’s website, patient portal, and online bill pay services are back online.
Aditya Birla Fashion and Retail
Another major Indian firm has fallen prey to a massive cyberattack. This time, the victim is a Fortune India 500 List company: Mumbai-headquartered Aditya Birla Group (ABG). The conglomerate includes Aditya Birla Fashion and Retail Ltd. (ABFRL) as well as businesses in other sectors. ABFRL, formed after the merger of Madura Fashion & Lifestyle and Pantaloons, describes itself as “India’s first billion-dollar pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats.”
In a corporate presentation published in July, 2021, ABG claimed to be a US$ 45-billion conglomerate that has 130 manufacturing units globally, and 140,000+ employees of 100 nationalities in 36 countries.
Fertility Centers of Illinois
Fertility Centers of Illinois in a breach notification statement says that while the incident did not compromise its electronic medical records system, an unauthorized third party gained access to a number of administrative file and folders containing certain data.
FCI reported to the Department of Health and Human Services on Dec. 27 that the hacking/IT incident involved a network server and affected 79,943 individuals.
n its breach notification statement, FCI says it became aware on Feb. 1, 2021 of “suspicious activity on its internal systems.”
FCI engaged independent forensic investigators to conduct an investigation of the activity, the statement says. On Aug. 27, 2021, FCI determined that information related to certain FCI patients was included in the set of files accessed by the unauthorized third party, the statement says.
The affected files contained an array of personal, medical and financial information, according to the statement.
That includes patient names, employer-assigned identification numbers, passport numbers, Social Security numbers, financial account information, payment card information, treatment information, diagnosis, treating/referring physicians, medical record number, medical billing/claims information, and prescription/medication information.