Hacking of third-party vendor emails has reportedly exposed patient and clinical data, resulting in delays in care and disruption of clinical workflow across the healthcare system.
Yingshi. Luke’s Health has learned that a data breach affecting consultant Adelanto Healthcare Ventures has compromised protected health information. The data breach affecting 16 hospital systems in Texas is unrelated to the massive ransomware attack on its parent company, CommonSpirit Health.
Not aware of it for nearly a year
According to the announcement on October 28, after a preliminary investigation by a third-party consultant, St. Luke’s Data is unaffected.
However, further investigation revealed that the email accounts of two of its employees, which were hacked on November 5, 2021, did contain patient information from St. Luke’s Hospital – including Personally identifiable information, medical record numbers, treatment and diagnosis codes, etc. Adelanto Healthcare Ventures updated on September 1 with findings from the health system.
While a healthcare data breach was reported on Oct. 30, according to the list of civil rights cases investigated by the U.S. Department of Health and Human Services for violations of unsecured PHI, local communities Started being affected weeks ago.
KHOU Houston local news reported on Oct. 5 that some patient appointments have been canceled and are being rescheduled. A nurse who asked not to be named also told the outlet that some St. Luke facilities are entirely paper charts.
St. Luke said that in order to prevent further data breaches in its breach announcement, it has taken some systems offline until the incident is resolved.
The health system also said it was notifying affected patients — 16,906, according to OCR data — and offering free identity monitoring.
Cyberattacks are a near-daily occurrence, leading the federal government to require zero adoption across agencies trust structure.
While some healthcare cyberattacks have historically been the work of criminal gangs, cyberwarfare has recently become a concern for key sectors.
Since the beginning of the year, the US has reported 194 cases of cyber hacking/IT incidents compromising email accounts to OCR.
The total number of hacking attacks on electronic medical records was 41, while 483 attacks on web servers were under investigation.
Overall, OCR lists 911 PHI data breaches under investigation, so far this year.
Andrea Fox is Senior Editor for Healthcare IT News. Email: [email protected]
Healthcare IT News is a HIMSS publication.