Medical Hack
September 21, 2017

Data Breach of Medical Supply Firm Affects Over 21,000

The hack of a Nebraska-based medical supply company has affected over 21,000 individual victims in what is the second largest business associate health data breach this year.

In an announcement by federal regulators in Oregon, a hacking incident has exposed the names, addresses, dates of birth and insurance information of over 21,000 individuals. The breach was discovered during a routine review of system logs, when Cornerstone Business & Management Solutions found a suspicious account on its server. The company quickly determined that the account was downloading information stored on the server, including the personal details of patients using its medical supplies.

Cornerstone claims it immediately locked the rogue server to isolate it from the rest of its network.

The company stated in a notice:

We were able to restore our system using unaffected backup copies and continue providing services to patients. We have been monitoring the system, and to date, we have found no evidence of any recurrence of the incident. We are still investigating the incident to determine how the account accessed our system.

The breach was reported to the US Department of Health and Human Services on September 5 as a hacking incident that affected 21,856 individuals in total. That would make the breach the second largest hack involving a business associate this year, after an unauthorized breach reported by Indiana-based Enterprise Services LLC that affected about 56,000 individuals on June 27.

Altogether, there have been 15 data breaches involving business associates that affected a total of 183,000 individuals, according to the department’s Breach Reporting Tool website. Since the website’s record-keeping began in September 2009, a staggering 315 major breaches have been reported to the HHS, affecting a mammoth 26.2 million individuals. That’s 15 percent of the total 2,060 breaches reported to date.

Meanwhile, Cornerstone added it is including new administrative safeguards with additional policies and procedures to strengthen its cybersecurity framework. The company is also offering affected individuals 12 months of free identity theft and credit monitoring.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.