vz-risk / VCDB

VERIS Community Database
Other
578 stars 180 forks source link

Family Health Center Reports Data Breach #20651

Open swidup opened 7 months ago

swidup commented 7 months ago

https://www.hipaajournal.com/medusa-ransomware-group-leaks-american-renal-associates-data/

"Family Health Center in Kalamazoo, MI, has announced that it fell victim to a cyberattack that caused network disruption and impacted the functionality and access of certain systems. Prompt action was taken to contain the attack and prevent further unauthorized access on January 25, 2024, when the breach was detected and a third-party cybersecurity firm was engaged to conduct a forensic investigation.

The investigation uncovered evidence of unauthorized access to files that contained patient information. The review of those files confirmed that they contained employee information such as names, addresses, health insurance information, and Social Security numbers, and patient information such as first names, last names, and medical information. Family Health Center has reported the breach to the HHS’ Office for Civil Rights as affecting 3,240 individuals and said it has taken steps to improve security, including expanding multi-factor authentication and increasing monitoring of its network for suspicious activity."

swidup commented 5 months ago

https://healthitsecurity.com/news/eye-care-company-suffers-377k-record-data-breach

"Family Health Center (FHC), a Federally Qualified Health Center in Michigan, notified 34,926 individuals of a data breach that occurred in January 2024. On January 25, FHC discovered a network disruption, promptly disconnected access to the network, and engaged a third-party cybersecurity firm.

Further investigation determined that an unauthorized party accessed some FHC files.

The impacted files contained employee names, addresses, health insurance information, and Social Security numbers. For patients, the impacted information included names and medical information.

In the wake of the incident, FHC said it increased data access control measures, expanded its use of multi-factor authentication, and increased monitoring for suspicious activity."