Connect with us

Hi, what are you looking for?

Cyber Security

Data breach at third-party provider exposes medical information of US healthcare patients

data breach at a third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers.

Unknown actors gained unauthorized access to a database owned by Elekta, which provides a cloud-based platform that handles legally-required cancer reporting to the State of Illinois.

In a security advisory, the healthcare provider, based in Chicago, said that the attackers made a copy of the datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers.

The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.

Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital, and Northwestern Medicine Valley West Hospital.

NMHC said that no financial information was accessed. Any patients believed to have been affected will be notified by post. NMHC will also be offering free credit monitoring services to those whose Social Security numbers were exposed.

“Patients are encouraged to review statements from their health insurer or healthcare provider, and to contact them immediately if they see any services they did not receive,” the statement reads.

“We regret that this incident occurred and are committed to protecting the security and privacy of patient information.”

NMHC also said it was “re-evaluating its relationship with Elekta”.

The Daily Swig reached out to NMHC, which directed us to their statement.

Third-party perils

The attackers did not access NMHC’s systems, networks, or health records, the company confirmed.

Rather, the incident was a stark reminder about the risks of using third-party software or services.

The notorious Blackbaud incident is a good example of what can happen as a result of a cyber-attack at a service provider.

Hundreds of charitable organizations and fundraising initiatives were affected by the ransomware attack, which exposed the personal details of financial donors.

Source: https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patients

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO