Hacking Incidents Announced by Retinal Consultants Medical Group, Ace Surgical Supply and Three Rivers Regional Commission

Retinal Consultants Medical Group, Three Rivers Regional Commission, and ACE Surgical Supply have lately announced cyber attacks by which unauthorized individuals might have obtained the protected health information (PHI) of patients.

11,603 Retinal Consultants Medical Group Patients Impacted by Hacking Incident

Vitreo-Retinal Medical Group Inc., doing business as Retinal Consultants Medical Group, reveals it suffered a sophisticated cyberattack that was noticed on or approximately July 12, 2021 and prompted a service interruption.

Vitreo-Retinal Medical Group employed third-party cybersecurity experts to help fix its systems and look into the nature and extent of the attack. Though the investigation affirmed that unauthorized people had acquired access to its computer system, there’s no certainty if the unauthorized person viewed or exfiltrated any protected health information. No report was obtained that indicate attempted or actual patient information misuse.

An extensive manual and programmatic assessment of the affected systems established the potential compromise of the following types of PHI: name, address, birth date, disease or treatment data, medical record number, patient account number, diagnosis code, Medicaid/Medicare details, name of treating doctor, medical insurance data, and username/password. The Social Security numbers of some patients were likewise located on the impacted systems.

Vitreo-Retinal Medical Group states that third-party cybersecurity professionals were assisting with the evaluation of its security systems and supplemental measures are going to be enforced, as needed, to strengthen data security.

The hospital issued notifications to the affected persons beginning on November 9, 2021, and free credit monitoring services were provided where necessary.

Cyberattack on ACE Surgical Supply Impacts 12,122 Persons

ACE Surgical Supply based in Brockton, MA has learned that an unauthorized individual has gained access to its IT system and may have seen or acquired the PHI of 12,122 people.

The attacker got access to its systems on June 29, 2021. The breach was identified the same day. The investigation verified that the impacted systems stored personal data together with financial account numbers, debit/credit card details, and data that could likely enable account access.

ACE Surgical Supply explained affected persons were given 24-months credit monitoring and identity theft protection services at no cost.

2,000 Individuals Affected by Three Rivers Regional Commission Ransomware Attack

The regional planning organization located in Griffin, GA, Three Rivers Regional Commission, has found out that unauthorized persons may have obtained the protected health information of approximately 2,000 people as a result of a ransomware attack.

The attack was discovered on July 20, 2021, when personnel cannot log into its computer systems. Third-party cybersecurity specialists helped Three Rivers Regional Commission to ascertain whether the attacker acquired access to its systems from July 18, 2021 to July 20, 2021 and before using ransomware, exfiltrated files comprising sensitive information.

The forensic investigation is in progress and notification letters are going to be mailed to the impacted persons upon confirmation of their identities and contact data. At this point, these types of details are assumed to have been acquired in the attack: Name, Social Security number, driver’s license number, address, and medical details, which include diagnosis and treatment data, laboratory test data, prescription drugs, and Medicare/Medicaid identification numbers.

Three Rivers Regional Commission mentioned it is adding more administrative and technical safety measures to protect the data in its systems.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone