Medical Hack
September 21, 2017

Data Breach of Medical Supply Firm Affects Over 21,000

The hack of a Nebraska-based medical supply company has affected over 21,000 individual victims in what is the second largest business associate health data breach this year.

In an announcement by federal regulators in Oregon, a hacking incident has exposed the names, addresses, dates of birth and insurance information of over 21,000 individuals. The breach was discovered during a routine review of system logs, when Cornerstone Business & Management Solutions found a suspicious account on its server. The company quickly determined that the account was downloading information stored on the server, including the personal details of patients using its medical supplies.

Cornerstone claims it immediately locked the rogue server to isolate it from the rest of its network.

The company stated in a notice:

"We were able to restore our system using unaffected backup copies and continue providing services to patients. We have been monitoring the system, and to date, we have found no evidence of any recurrence of the incident. We are still investigating the incident to determine how the account accessed our system."

The breach was reported to the US Department of Health and Human Services on September 5 as a hacking incident that affected 21,856 individuals in total. That would make the breach the second largest hack involving a business associate this year, after an unauthorized breach reported by Indiana-based Enterprise Services LLC that affected about 56,000 individuals on June 27.

Altogether, there have been 15 data breaches involving business associates that affected a total of 183,000 individuals, according to the department’s Breach Reporting Tool website. Since the website’s record-keeping began in September 2009, a staggering 315 major breaches have been reported to the HHS, affecting a mammoth 26.2 million individuals. That’s 15 percent of the total 2,060 breaches reported to date.

Meanwhile, Cornerstone added it is including new administrative safeguards with additional policies and procedures to strengthen its cybersecurity framework. The company is also offering affected individuals 12 months of free identity theft and credit monitoring.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
