Taylor Regional Hospital Still Affected by January Cyberattack
Taylor Regional Hospital based in Campbellsville, KY has encountered a cyberattack, which led to taking down its IT and telephone systems. The hospital reported the cyberattack on January 24, 2021. To date, the hospital continues to experience outages with selected computer systems and phone lines. There were temporary telephone lines set up so that patients can get in touch with the hospital whilst resolving the cyberattack.
Cyberattacks like this usually involve ransomware, however, no information has been available up to now regarding the actual nature of the attack, nor the time its IT systems are likely to be available. At this early phase, it is not clear if any patient data has been accessed or stolen by attackers.
An announcement on the hospital’s website said that the hospital continues to provide quality care to patients and it is working as fast as possible to securely bring back its IT systems on the internet. Patients are encouraged not to postpone seeking clinical care; nonetheless, without access to computer systems, patients were requested to bring details of their prescription medication with them to any visits that were previously planned.
The hospital stated routine outpatient labs will just be conducted for a limited time until further notice, and patients were informed to have a written order and patients ought to expect extended wait times than before. The walk-in COVID-19 clinic remains open although will accept patients on a first-come, first-served basis.
Data Stolen from Connecticut Accountancy Company Due to Cyberattack
The certified public accountancy company located in Glastonbury, CT, Fiondella, Milone & LaSaracina, has reported a cyberattack in September 2021. The company detected the security breach on September 14, 2021, and based on the forensic investigation, the hackers got access to its systems from September 9, 2021.
On or about October 13, 2021, it was confirmed that the attackers copied files and folders from its system that included the sensitive data of a number of people. The information probably breached was mainly limited to names and Social Security numbers. Some individuals also had the following ambulance trips related data stolen: service level, tracking numbers and date, payor types and category, mileage details, charge/payment details, billing review data, and remittance advice details, which may have included health care details.
Fiondella, Milone & LaSaracina mentioned an analysis of security measures was conducted and more safeguards will be put in place to stop other security breaches. There is no statement in the website breach notice about credit monitoring and identity theft protection services.
The accounting firm has sent the breach report to the HHS’ Office for Civil Rights indicating that 6,215 persons were affected.