Cyber Incident Victim: Cooper University Health Care

Social Action Community Health System (SAC Health) experienced a significant data breach when six boxes of paper documents containing patients' protected health information were stolen from an off-site storage location. The documents included names, addresses, dates of birth, and diagnosis codes. No actual misuse of the data has been reported, but affected individuals were offered complimentary credit monitoring services as a precaution. SAC Health is reviewing its policies and procedures concerning the storage of paper data. The Bryan County Ambulance Authority also suffered a ransomware attack, affecting 14,273 patients. The attack encrypted files on the authority’s systems, and third-party cybersecurity consultants were engaged to assist with the forensic investigation. Affected individuals were offered a complimentary membership to an identity theft protection service. Lifespan Services, a non-profit provider based in Charlotte, NC, was hit by a ransomware attack that compromised data on its servers. The attack allowed the attackers to access patients’ personal information, including names, Social Security numbers, Medicaid numbers, driver’s license numbers, and bank routing numbers. Lifespan restored the encrypted data and implemented additional security measures. The Vice Society ransomware gang claimed responsibility for an attack on Atlanta Perinatal Associates, a healthcare provider specializing in high-risk pregnancies. The stolen data included names, dates of birth, ID numbers, expected due dates, referring physician names, sonographer names, ultrasound results, drug and alcohol use histories, and other health information. Some records also contained credit card information and health insurance details. The data was uploaded to Vice Society’s leak site, and the incident has not yet been reported to regulators.