Digital health company myNurse reports data access, will stop operations

Digital health company myNurse, also called Salusive Health, lately notified sufferers of a methods hack that led to the entry of their private and guarded health data. Officials additionally introduced it will finish its scientific operations by the tip of May, stressing the closure is unrelated to the hack.

Leveraging AI, myNurse helps supplier places of work with establishing distant affected person monitoring and power care administration providers, whereas supporting sufferers with monitoring vitals, one-on-one teaching and care coordination. The platform additionally permits insights into the simplest strategy for every affected person, based mostly on medical histories, motivation-levels, and the same insights.

According to a latest discover, a methods hack found March 7 led the safety staff to include and mitigate the incident. Restoration efforts terminated the exercise, whereas the staff labored to safe the community.

The subsequent forensic investigation supported by an outdoor cybersecurity agency decided a hacker accessed sure private and guarded health data. So far, they’ve discovered no proof the data was posted, misused or in any other case shared.

The impacted data might embrace names, contact data, dates of beginning, medical histories, diagnoses, remedies, dates of service, lab check outcomes, prescriptions, supplier names, medical account numbers, health insurance coverage insurance policies and group plan numbers, group plan suppliers, and claims data.

After the investigation, Salusive “made the troublesome choice to stop scientific operations” by May 31.

“This will enable for an orderly hand off of power care administration and distant affected person monitoring providers again to your major care doctor,” officers defined. “This improvement is unrelated to the data safety incident we skilled and doesn’t have an effect on the care you obtain out of your medical skilled.”

Patients have been additionally knowledgeable they may preserve the units acquired from the company. The discover comprises no additional data into the hack and whether or not ransomware or extortion was concerned. The myNurse website exhibits the seller has partnerships with Medicare, United Healthcare, and different business stakeholders.

Cyberattack hits LA County Department of Mental Health

The Los Angeles County Department of Mental Health (DMH) recently began informing sure purchasers that their data was compromised after a “malicious cyberattack” and subsequent worker e mail hacks.

The assault occurred between Oct. 19, 2021, and Oct. 21, 2021, which enabled a hack to acquire the login credentials of three staff by way of a profitable phishing assault. The credentials have been tied to the staff’ Microsoft Office accounts. The emails have been despatched “from a trusted enterprise associate whose e mail server the actor or actors had compromised.”

The compromised associate accounts allowed the attacker to pivot its efforts to DMH, focusing on staff with a number of phishing emails.

The investigation confirmed the cyberattack possible gave the attacker entry to sure private data, akin to names, contacts, dates of beginning, driver’s licenses, Social Security numbers, health data, insurance coverage particulars, and monetary account numbers. The data was tied to sure DMH purchasers.

The impacted accounts have been initially disabled to stymy the affect of the hack, and the impacted credentials and multi-factor authentication have been additionally reset. Law enforcement was additionally notified, which resulted within the delayed affected person notices, officers defined.

DMH is at the moment reviewing and updating its safety insurance policies, procedures, and controls. Officials added that they’ve “additionally notified Microsoft of the vulnerability in the Microsoft Office 365 multi-factor authentication that was exploited by the malicious actor or actors.”

ADA reports ongoing outage attributable to “cybersecurity incident”

An ongoing “cybersecurity incident” on the American Dental Association is inflicting disruptions for some linked purchasers, together with the Texas Dental Association and the New York Dental Association.

The incident marks the sixth U.S.-based healthcare supplier to face outages over a cyberattack this 12 months. Tenet Healthcare, Oklahoma City Indian Clinic, and Taylor Regional Hospital are nonetheless going through outages to sure methods after going through related assaults. The assaults on the latter two suppliers started greater than a month in the past.

ADA first reported “technical points” tied to a cybersecurity incident on April 23 in an e mail to members. The problem impacted member-only entry to each the ADA and TDA web sites. ADA officers started isolating the incident with help from outdoors specialists, whereas stressing that “a data breach has not occurred.”

However, the incident prompted ADA to close down and isolate all methods till the difficulty is absolutely resolved.

The newest replace from TDA exhibits the incident was certainly a cyberattack deployed on April 21, at the moment below a “vigorous investigation” in cooperation with federal authorities, which is inflicting technical difficulties. 

“The ADA acknowledges unsubstantiated reports are being circulated by organizations with no connection to this investigation,” officers stated in a discover. “ADA is working intently with third-party cybersecurity specialists and federal authorities…” and will ship an replace quickly.

TDA pressured that it doesn’t have detailed data on the incident, noting to members that there are numerous articles circulating on-line in regards to the incident. The discover is probably going referring to various media reports that purport the brand new Black Basta ransomware group is behind the assault, however ADA has denied these reports.

For now, there’s no estimated timeframe for restoration. For TDA, the incident is impacting the administration of member data because it’s linked to the ADA membership administration system. The Aptify platform stays shut down because of the cybersecurity incident, which has left sure ADA member teams with out entry to the data.

The outage can also be impacting the flexibility of dentist members to entry the members-only content material on the TDA and ADA web sites.

TDA is working straight with its IT consultants to make sure the safety of its inner methods, whereas consulting with third-party pc forensic leaders to scale back the prospect of a cyberattack in its personal setting, which has not been straight affected by the ADA incident. The TDA workforce additionally went by way of cybersecurity coaching in February 2022.

The group is urging all members to contact their very own IT professionals to make sure they’re adhering to greatest practices.

Valley View Hospital Association reports e mail hack affecting PHI

The protected health data of an undisclosed variety of sufferers tied to the Valley View Hospital Association was doubtlessly accessed through the hack of 4 worker e mail accounts in January.

First found on Jan. 19, a hacker accessed the accounts containing affected person data. The accounts have been rapidly secured to stop additional entry, along with launching a forensic assessment with outdoors help to evaluate the incident and affect on community computer systems.

“We don’t imagine that any private data was faraway from our system,” officers stated in an announcement. A assessment of the e-mail contents concluded on Mar. 29 and confirmed affected person data was contained within the impacted accounts. The discover offers no additional data into the kind of data doubtlessly accessed through the incident.