Cyberattack on Norwood Clinic compromises data tied to 228K patients

An October 2021 cyberattack on Norwood Clinic in Alabama was reported to HHS as impacting 228,103 patients. (Photo by Alex Wong/Getty Images)

Alabama-based Norwood Clinic notified 228,103 patients that their data was potentially accessed or acquired after a cyberattack in October 2021.

Upon discovery, the systems were secured and the security team worked to “safely restore its systems and operations.” The notice does not disclose whether the attack was caused by ransomware. The investigation determined the hackers gained access to servers containing patient information during the incident.

Norwood could not confirm the specific information possibly accessed during the hack. As a result, all patients are being notified of the potential impact to their data privacy, “regardless of whether their information was in fact subject to unauthorized access or acquisition.” 

The investigation determined the hackers gained access to folders that contain personal information of patients, including names, contact details, date of birth, Social Security numbers, driver’s licenses, some health information, and/or health insurance policy numbers. All patients will receive free credit monitoring, dark web monitoring, and identity theft protection services.

Norwood has since bolstered its email settings and policies, updated its network security technical hardware, improved password complexity rules, and implemented more secure login mechanisms for all accounts.

Data of 92K DRH Health patients impacted by systems hack

A cyberattack against DRH Health systems in January led to the potential compromise of data tied to 92,398 patients. First detected on Jan. 20, the “suspicious activity” impacted access to some of the Oklahoma provider’s systems and briefly disrupted certain systems.

The incident prompted the launch of incident response protocols, with DRH disconnecting all systems and employing an outside cybersecurity firm to investigate. The analysis found the attack impacted patient data stored outside of the primary electronic medical records system.

The compromised data included Social Security numbers, dates of birth, contact details, treatment information, and appointment information, like dates of service and provider names. All impacted individuals will receive complimentary credit monitoring and identity protection services.

DRH has since conducted a global password reset, tightened firewall restrictions, and implemented endpoint threat detection and response monitoring software on its workstations and servers.

Data of 52K Montrose Regional Health patients impacted by email hack

A brief breach disclosure from Montrose Regional Health in Colorado shows that the data belonging to 52,632 patients was possibly compromised, during a monthslong email hack in 2021. The notice does not explain the gap between discovering the incident and the disclosure, nor when the incident was first discovered.

Montrose Regional discovered “unusual activity in an employee’s email account” and worked with third-party specialists to examine the scope. Their review found a hacker accessed multiple employee email accounts for nearly three months between Aug. 2, 2021, and Oct. 26, 2021.

The investigation could not confirm whether the attacker accessed the information contained in the accounts. The compromised data varied by patient and could include inpatient/outpatient status, internal patient account numbers, service dates, cost of treatments, procedure codes, provider names, and/or health insurance providers.

Montrose Regional has since reset account passwords.