More than 600K patients affected in UNM Health hack

The College of New Mexico Wellness Method started notifying clients previously this thirty day period about a new cybersecurity incident ensuing in possible data exposure.

In accordance to the system’s report to the U.S. Division of Wellness and Human Companies Office of Civil Rights, 637,252 people today were being affected.  

UNM Wellness stated that on May perhaps two, an unauthorized 3rd bash gained obtain to its community and could have accessed or attained specific documents. The well being system discovered the breach on June four, much more than a thirty day period later on.  

“A single of the much more disparaging and difficult difficulties with data breaches is the revelation of how prolonged the cybercriminals were being inside of the organization’s community undetected,” noticed James McQuiggan, safety consciousness advocate at the teaching vendor KnowBe4.   

“Aspect of the cybercriminal’s repertoire is to silently function by an endpoint to the significant techniques by making use of exploits and stolen qualifications,” McQuiggan extra.  

Following examining the documents, UNM Wellness established that some patient details – these types of as names, addresses, dates of beginning, healthcare document or patient identification quantities, well being coverage information and minimal clinical details about care – was contained within just them. Some patients’ Social Safety quantities also were being included.  

UNM Health’s digital well being document was not obtainable, stated officials, who did not share any much more facts about the nature of the incident.  

“UNM Wellness requires this situation extremely seriously and is taking methods to assistance be certain some thing like this does not materialize yet again. UNM Wellness has offered more instruction to workers and is improving the safety of its techniques and the details it maintains,” wrote reps in a see posted to the well being system’s website.  

A cyberattack at Memorial Wellness

Midway across the nation, Memorial Wellness System’s well being expert services were being disrupted by a ransomware assault reportedly carried out by the Hive ransomware gang.  

“Memorial Wellness Method is a nonprofit organization, which can make it an even much more beautiful target for cybercriminals mainly because nonprofits are often seen as possessing lessen defensive maturity and minimal cybersecurity experience,” noticed Stephan Chenette, cofounder and main technology officer at the safety optimization system AttackIQ.  

The assault, which was discovered early Sunday morning, compelled the Ohio-based Memorial to suspend consumer obtain to IT apps. The well being system canceled all urgent surgical circumstances and all radiology tests for Monday, with all major care appointments held as scheduled.  

Team at Memorial’s hospitals – Marietta Memorial, Selby and Sistersville Typical Clinic – also had to depend on paper charts while techniques were being restored.  

“Protecting the protection and safety of our clients and their care is our best priority and we are performing anything achievable to decrease disruption,” stated Memorial Wellness Method President and CEO Scott Cantley in a statement.  

“At this time no identified patient or worker private or fiscal details has been compromised,” he extra. “We are continuing to function with IT safety experts to methodically look into to exactly realize what transpired and are taking the correct steps to take care of any and all difficulties.”  

As of Wednesday, no updates had been posted to Memorial’s website or Fb site about system restoration.

Kat Jercich is senior editor of Healthcare IT Information.
Twitter: @kjercich
Electronic mail: [email protected]
Healthcare IT Information is a HIMSS Media publication.