By CORL Technologies | March 15, 2022
CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. As part of our tech-enabled managed services for vendor risk management, we also follow up with vendors and track remediation and response activities following breach events.
Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain.
Morley Companies, a Saginaw, MI-based provider of business services, has recently announced it was the victim of a cyberattack that started on August 1, 2021, and prevented access to data in its information systems. The breach affected approximately 521,046 individuals. The forensic investigation confirmed the following types of information were potentially accessed and/or stolen in the cyberattack: names, addresses, Social Security numbers, birthdates, client identification numbers, medical diagnostic and treatment information, and health insurance information. Read more about the Morley Companies breach
Hackers gained access to South Denver Cardiology Associates’ systems from January 2, 2022, to January 5, 2022, and accessed information for approximately 287,652 individuals. A comprehensive review of those files confirmed they contained patient names along with one or more of the following types of information: dates of birth, Social Security numbers, drivers’ license numbers, patient account numbers, health insurance information, and clinical information such as physician names, dates and types of service, and diagnoses. Read more about the South Denver Cardiology Associates breach
Securitas suffered a data breach which exposed 1.5 million files. One of the company’s Amazon S3 buckets (cloud) was left open, exposing employee PII and sensitive company data. The databases contained the information of Securitas employees and airport employees, photos of ID cards and other unmarked images, including full names, pictures of employees, occupations, and national ID numbers. Read more about the Securitas breach
Priority Health experienced a data security incident where an unauthorized individual gained access to several Priority Health Member Portal accounts. Information that could have been accessed includes individuals’ names, dates of birth, addresses, phone numbers, email addresses, insurance information, claims information and limited medical information. Read more about the Priority Health breach
Medical Healthcare Solutions, Inc. (“MHS”) is a medical billing and practice management company based out of Andover, Massachusetts. The organization suffered a hacking/IT incident involving their network server that affected approximately 133,997 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Medical Healthcare Solutions breach
PracticeMax handles billing, satisfaction research and IT support for hospitals, physicians, practice groups and others in the healthcare industry. PracticeMax experienced a security incident resulting in an unauthorized party gaining access to their sensitive information affecting approximately 165,698 individuals. Information includes names, addresses, Social Security numbers, dates of birth, treatment and diagnosis information, health insurance information, financial information, patient account numbers, employer and employee identification numbers, passport numbers, driver’s license numbers, state identification numbers, prescription information, and provider or employee login information. Read more about the PracticeMax breach
Charlotte Radiology experienced a data breach in which patient information was stolen, including a very limited number of Social Security numbers. The documents included such patient information as their name, address, date of birth, health insurance information, medical record number, patient account number, physician name, date(s) of service, diagnosis and/or treatment information related to radiology services. Read more about the Charlotte Radiology breach
RR Donnelley (RRD) has confirmed that threat actors stole data in a cyberattack. While RRD initially said they were not aware of any client data stolen during the attack, the Conti ransomware gang claimed responsibility and began leaking 2.5GB of data allegedly stolen from RRD. Conti soon removed the data from public view after RRD began further negotiations to prevent the release of data. Read more about the RR Donnelley breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 87,552 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the US Radiology Specialists breach
An unauthorized party accessed the personal information of certain Pekin Insurance customers following the theft of an insurance agent’s login credentials. While the compromised information may vary per person, it may include their name, address, driver’s license number and date of birth. The breach affected approximately 10,872 individuals. Read more about the Pekin Insurance breach
The International Committee of the Red Cross’s contractor suffered the theft of personal data for more than 515,000 people in ‘Restoring Family Links,’ a program that helps reunite families separated by war, disaster, and migration. Read more about the International Committee of the Red Cross breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 2,429 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the DataHEALTH breach
American Osteopathic Association suffered a data breach affecting approximately 27,000 individuals. The data included their full names, Social Security numbers and financial account information. Read more about the American Osteopathic Association breach
Vantage Holding Company suffered a hacking/IT incident involving their network server that affected approximately 1,762 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Vantage Holding Company breach
Crossroads Health, a mental health and behavioral health services organization, suffered a hacking/IT incident involving their network server that affected approximately 10,324 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Crossroads Health breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 4,270 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the UMass Memorial Health breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 864 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the LGAA, LLC breach
AON identified a cyber incident impacting a limited number of systems. The company does not expect the incident to have a material impact on its business, operations, or financial condition. Read more about the AON breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 14,970 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Alliance Physical Therapy Group breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 5,746 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Liberty of Oklahoma Corporation breach
Oklahoma’s Department of Human Services experienced unauthorized access to their emails in which thousands of individuals’ information might have been stolen or compromised. Information included name, address, date of birth and age, phone number, Social Security number, Oklahoma Client number which could be a Medicaid ID number, as well as the representing person’s name, address, and phone number. Read more about Oklahoma’s Department of Human Services breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 2,406 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Medical Review Institute of America breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 1,659 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Caring Communities breach
The organization suffered a hacking/IT incident involving their network server that affected approximately 1,125 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Practolytic breach
Axis Communications’ network cameras, access control systems, and surveillance network appliances suffered a cyberattack, forcing them to shut down all systems to limit the impact. Read more about the Axis Communications breach
Oklahoma Healthcare Authority (OHCA) suffered an unauthorized access/disclosure incident involving their network server affecting approximately 6,413 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the OHCA breach
Advent Health Partners, Inc. suffered a hacking/IT incident involving their email that affected 1,383 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Advent Health Partners breach
Expeditors International suffered a cyberattack causing the company to temporarily shut down operating systems globally. Read more about the Expeditors International breach
Aetna suffered a hacking/IT incident involving their network server that affected approximately 893 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the Aetna breach
CVS Pharmacy experienced a hacking/IT incident involving their network server that affected approximately 6,221 individuals. Details are limited and the breach was reported to the Department of Health and Human Services. Read more about the CVS Pharmacy breach
Nespresso experienced a data leak through a third-party supplier. Information leaked may have included names, phone numbers, and email addresses. Read more about the Nespresso breach
T-Mobile suffered a data breach that affected approximately 335,000 individuals. Read more about the T-Mobile breach
The State Bar of California experienced a data breach that exposed confidential records. A public website that accumulates nationwide court case records was able to access and display limited case profile data on about 260,000 nonpublic state bar attorney discipline case records, as well as about 60,000 public court case records. Read more about the State Bar of California breach
In order to combat these growing supply chain risks, CORL has developed a proprietary data clearinghouse that provides access to assessment results of over 80,000 vendor assessments CORL has conducted. Each year, CORL conducts thousands more vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.
CORL’s tech-enabled managed services and next generation exchange of vendor risk data allow healthcare entities to:
Contact our team here at CORL to learn more about our managed services and next generation exchange for healthcare vendor risk data that gets results with regulatory compliance and lowers supply chain risks.
CORL Technologies
CORL transforms TPRM chaos into clarity
CORL is a leading provider of vendor risk management solutions for the healthcare industry. CORL gets results by scaling organizational and vendor risk programs through our healthcare vendor risk clearinghouse solution, dashboard reporting that business owners can understand, and proven workflows that drive measurable risk reduction. CORL accelerates the speed of vendor risk assessments and holds vendors accountable for remediating risk exposures.