Maternal, Child and Family Health Services (MFHS), a US-based health and welfare organization, has reportedly been hit by a ransomware attack.
non-profit organization made an announcement On Thursday, the company said its systems were compromised between August 21, 2021 and April 4, 2022.
An investigation that began last April revealed that the attack may have exposed sensitive information to unauthorized individuals.
This personal information included name, address, date of birth, social security number, driver’s license number, financial account/payment card information. Also, usernames and passwords, medical information and/or health insurance information.
Despite the attacks occurring almost a year ago, MFHS did not begin issuing letters to potentially affected individuals until January 3, 2023.
“This latest breach […] HIPAA and HITECH highlight the fact that they fall short in protecting patient privacy.” safe bleach CISO Avishai Avivi.
“Another worrying sign is that it took almost eight months from discovery of the breach before the organization began contacting potentially affected individuals.”
Abibi added that he believes more regulation is needed to follow the financial industry’s lead.
“This includes shorter notification windows and stronger defenses. The fact that ransomware attacks were able to impact patient data is a testament to Maternal & Family Health’s ability to validate control over such attacks. It shows that it wasn’t.”
MFHS CEO Maria Montoro Edwards said in a press release that the nonprofit is serious about protecting the personal information of its patients and employees.
“We understand the inconvenience and concern that this incident may cause, and we are committed to enhancing the security of our systems to prevent this type of incident from happening again.”
The organization also provides credit monitoring and identity theft prevention services to individuals whose social security number or financial account/payment card information may have been involved in the incident.
“Patients don’t just go through credit checks, [to] Please pay attention to the emails you receive and make sure you understand what to look for in email links.” KnowBe4Said Information security.
“If it’s an unexpected email, and even if you know the person, you should be very careful when checking links to avoid cyberattacks.”
The disclosure of the attack comes several weeks after the ransomware group known as Royal. exposed It targets medical institutions in the United States.
