Cyberattacks on Kannact, Metro Health System, COX Health, SoutheastHealth, Atlantic General Hospital and PharMerica

Kannact & Vincera Institute Encounter Cyberattacks

Home care service provider, Kannact Inc. based in Albany, OR, states it discovered unauthorized access to its computer system on March 13, 2023. A third-party cybersecurity company helped look into the incident and affirmed that the sections of the system that were viewed included patients’ protected health information (PHI), though, at this point of the investigation, it is not clear whether patient information was accessed or stolen from its systems. During the sending of notifications, Kannact did not get any report that indicates the misuse of patient information.

The analysis of the files that were possibly accessed showed they included a variety of data, which differed from one person to another. Data possibly exposed included names along with at least one of these data elements: birth date, address, telephone number, driver’s license number, Social Security Number, and medical data like health diagnosis, treatment details, and pharmaceutical information.

Kannact stated that it deactivated its third-party managed file transfer software program, deactivated all associated API keys, and is enhancing its patient information intake process. People who had their driver’s licenses and Social Security numbers affected were provided with free credit monitoring and identity theft protection services.

On June 20, 2023, Kannact submitted the breach report to the HHS’ Office for Civil Rights indicating that up to 103,547 people were affected.

Metro Health System Reports 15-Year Employee Privacy Breach

Metro Health System based in Cleveland, OH found out that an employee accessed patient files with no legitimate work reason. On April 27, 2023, the provider discovered the unauthorized access and the following investigation affirmed the unauthorized access to patient records at different times in the last 15 years. The initial incident took place in 2008.

The data accessed included patient names, birth dates, and clinical data. The employee did not access Social Security numbers or financial data. A representative of Metro Health stated that the employee was disciplined according to its sanctions guidelines and that there is no proof that indicates the redisclosure of patient information or any improper use of that data. Impacted persons will receive the mailed notification. Metro Health is taking steps to enhance its privacy strategies and gave additional training to the employees.

COX Health Impacted by Hacking of Fortra GoAnywhere File Transfer Solution

CoxHealth based in Springfield, MO lately reported the compromise of patient data in a cyberattack on Intellihartx, its billing vendor, in January 2023. By exploiting a vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution, the Clop ransomware group stole sensitive information and issued a ransom demand to keep that information from exposure.

CoxHealth states around 203,000 individuals had their PHI taken in the attack, which includes names, birth dates, addresses, Social Security numbers, billing data, insurance data, and diagnoses. This attack had the highest number of patients affected – 203K. It cannot be determined with certainty precisely how many persons were impacted. Intellihartx has provided free credit monitoring and identity theft protection services to impacted persons.

SoutheastHealth Reports Potential Vendor Breach

SoutheastHealth based in Cape Girardeau, MO has reported a potential data breach that occurred at ITX (Intellihartx), a vendor. SoutheastHealth stated it discovered a possible breach when one patient mentioned getting a letter from Intellihartx expressing the exposure and potential theft of their PHI.

SoutheastHealth mentioned that names, addresses, birth dates, billing details, insurance data, diagnoses, medicines, and Social Security numbers were possibly stolen during the attack on the file transfer software and affirmed there was no impact on its own systems. According to SoutheastHealth, it doesn’t have a business relationship with Intellihartx right now and there is no official notification letter obtained from Intellihartx that mentioned the impact of the incident on SoutheastHealth.

Atlantic General Hospital Ransomware Victims Increases to About 140,000 People

In March 2023, Atlantic General Hospital informed the Maine Attorney General that it encountered a ransomware attack where the PHI of 30,704 persons was compromised; but the truth is, the ransomware attack was a lot bigger than was earlier reported. The total number of victims increased to 136,981 persons.

Atlantic General Hospital discovered the attack on January 29, 2023. It was confirmed by the forensic investigation that hackers acquired access to its system from January 20 to January 29, 2023. The preliminary analysis of files that were possibly exposed in the breach was finished on March 6, 2023. The following data may have been accessed or stolen: names, medical record numbers, names of treating/referring doctors, medical insurance details, subscriber numbers, medical background data, and diagnosis/treatment details. The hospital sent notification letters on March 24, 2023, and offered free credit and identity monitoring services to impacted persons.

The attack investigation carried on, and more compromised files were found. The evaluation of those files was done on May 15, 2023, and right after acquiring updated contact details, the hospital sent additional notification letters to impacted persons on June 22, 2023. The breached data included names along with at least one of the following data: birth date, Social Security number, financial account details, health/treatment data, and medical insurance details. Those persons likewise received free credit and identity monitoring services. Atlantic General Hospital states it is focusing on applying further safety measures to enhance data safety and has given additional training to its employees.

PharMerica Ransomware Attack Impacts Palomar Health Patients

Palomar Health located in San Diego, CA recently reported the exposure of patient information in a ransomware attack on PharMerica, its business associate. This nationwide provider of pharmaceutical services detected the ransomware attack on or about March 14, 2023. It was confirmed by the forensic investigation that about 5,815,591 persons were impacted. The Money Message ransomware group is responsible for the attack. The group included the stolen information on its leak site at the end of March.

Palomar Health has reported the potential compromise of the following data in the attack: name, address, birth date, Social Security number, prescription drugs, and medical insurance info. Affected individuals got treatment at The Villas at Poway (Villa Pomerado) or Palomar Continuing Care Center located in Escondido from 2001 to 2020. PharMerica is providing free credit and identity theft monitoring services to the impacted persons and is sending notification letters to patients immediately. The number of affected Palomar Health patients is presently unknown.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at