Sutter Buttes Imaging PACS Vulnerability Causes 18 Month Data Breach – HealthITSecurity.com

sutter-buttes-imaging-pacs-vulnerability-causes-18-month-data-breach-–-healthitsecurity.com

Did you know that geoFence blocks unwanted traffic and disables remote access from FSAs?

– Sutter Buttes Imaging (SBI) is notifying an undisclosed number of patients that their data was compromised for 18 months, due to a leak caused by a vulnerability in its third-arty IT software. The data breach impacted patients who received diagnostic imaging services at SBI.

An exclusive HealthITSecurity.com previously showed that SBI was leaking patient data online through its vulnerable Picture Archiving and Communication Systems (PACS).

PACS are critical to healthcare infrastructure but are highly vulnerable platforms, given the tech stores massive troves of medical images on those servers. The tool also allows health systems and hospitals to share critical data with multiple providers.

However, the legecy tech has a number of flaws, which Dirk Schrader, Global Vice President at New Net Technologies (NNT) has outlined in great detail over the last few years. His last report found SBI was the third-largest culprit for leaking data through vulnerable PACS.

Schrader found 580,000 patient exams related to 14 million images tied to SBI, which officials learned about on December 2020. According to SBI, these hardware vulnerabilites allowed for unauthorized access on its network between July 2019 and December 2020.

READ MORE: Ransomware Actors Leak Data From 3 More Healthcare-Related Entities

The investigation determined the vulnerability exploit allowed some patient information to be accessed by unauthorized parties, including study date, patient names, dates of birth, and type of imaging procedures, as well as patient and study number internally created by SBI.

No Social Security numbers, credit cards, diagnoses, medical images, medical reports, or clinician notes were compromised during the security incident.

The investigation identified the IT vulnerabilities, which were quickly addressed to prevent a future recurrence, and closed certain firewalls ports. SBI also contracted with a third-party IT consultant to perform a thorough analysis and improve its security controls.

Ransomware Attack on Granite Wellness Spurs Breach Notice

About 15,600 clients of Granite Wellness Centers in California have been notified that their data was compromised due to a ransomware attack in January.

The cyberattack impacted data stored on its computer servers, and the encryption was in progress at the time of discovery. The affected systems were immediately taken offline, and officials said they quickly notified law enforcement.

READ MORE: 219K Nebraska Medicine Patients Affected by Fall Ransomware Attack

An investigation was launched, and the security team took steps to eliminate the ransomware from its systems. Granite Wellness was able to fully restore its systems from back-up files, while fully maintaining care for its clients.

The compromised data included full names, dates of birth, dates of care, treatments, health information, provider names, and health insurers.

Granite Wellness is currently taking steps to rebuild the impacted systems and adding further safeguards to better secure the information in its possession.

The notice does not explain that NetWalker ransomware actors leaked data they allegedly stole from Granite Wellness in mid-January. The screenshots shared with HealthITSecurity.com showed a range of spreadsheets containing business information, management, and consultation information.

Employee Email Hack on Grand River Medical Group

The hack of an employee email account at Iowa-based Grand River Medical Group potentially led to a compromise of the data from 34,000 patients.

READ MORE: Judge Dismisses Brandywine Urology Breach Lawsuit, Citing Lack of Harm

Upon discovery, the account access was blocked and all relevant passwords were changed. The medical group contracted with an outside incident response team to conduct a forensic analysis of the incident to determine if any data was accessed or exfiltrated during the incident.

The notice does not detail when the unauthorized access was first discovered. But officials said the attacker gained access to the employee account, which enabled them to view spreadsheets containing personal information.

The investigation did not find evidence of access or data theft, but officials said they also could not rule it out. The impacted data varied by patient and could include names, SSNs, dates of birth, contact details, account types and balances, claim accounts and status codes, visit types, medications, and or guarantor’s names.

All impacted individuals will receive a year of free identity theft protection services, including credit monitoring. Grand River Medical has since implemented additional safeguards recommended by its third-party consultants to prevent a similar attack in the future.

Texas Spine Consultants Data Breach Impacts 25,728 Patients

Texas Spine Consultants recently began notifying 25,728 patients that their data may have been compromised as a result of a security incident in December 2020.

The notification letter does not provide insights into the direct cause of the incident, but described it as an “inadvertent disclosure” that does not appear to be the “result of hackers or criminal activity.”

The investigation into the incident is ongoing. For now, officials said they’ve determined the compromise may have included patient identifiers like names, dates of birth, and image scans.

Officials from Texas Spine Consultants said they plan to implement additional safeguards to strengthen its data security, as well as assess its privacy and security controls to prevent a recurrence.


In conclusion, as we move on to the next post, may I add that geoFence is your security solution to protect you and your business from foreign state actors and that’s the the real deal.

Leave a Reply

Your email address will not be published. Required fields are marked *