Health and medical associations are tempting targets for hackers, and that’s been made more than clear today, with not one, but two different hospitals suffering from data breaches. In Michigan, an attack on Complete Chiropractic & Bodywork Therapies has suffered a malware attack that compromised the personal information of over 4,000 patients, while over in Texas, the Medical Colleagues of Texas, LLP has found an outside source accessed its computer network, resulting in multiple patients being put at risk.

CCBT’s Malware Woes

Complete Chiropractic & Bodywork Therapies (CCBT), located in Ann Arbor, MI., discovered malware in its system after a server malfunction, which triggered security protocols. The server was isolated, passwords were changed, and a new firewall was installed, to contain the damage as best as possible.

Upon investigation, HIPAA Journal reports, external forensics experts found that the malware scanned the network for login information, including passwords, and sent the information back to the hacker. The afflicted server holds information such as encrypted medical records, billing information, names and addresses, and Social Security numbers.

While there’s no information to suggest that the data has been sent to the hackers, it’s not a chance worth taking. Patients have been notified, and CCBT is offering them a year of identity theft protection services.

Medical Colleagues Hacked

Meanwhile, the Medical Colleagues of Texas is dealing with its own hacker problem, reports the Houston Chronicle. An outside entity accessed its computer network, which contains information such as health insurance, names and addresses, and Social Security numbers. Health IT Security reports that the company has been notifying those affected by email, and has set up a call center, in addition to offering a free year of credit monitoring services.

The Common Links

These two unconnected attacks share a few similar traits, in more ways than that they were targeting healthcare organizations. In both cases, the hackers could access insurance information, personal information, and most worryingly, Social Security numbers. According to Salim Hafid of Bitglass:

“Identity theft is easier than it seems – how much personal information does a bank ask for beyond name, address, Social Security number, and date of birth. All this information is stored by healthcare providers, and for 113 million Americans last year alone, that information has been compromised and is readily available on the black market. For most, a name or address change aren’t feasible options, neither is requesting a new Social Security number, a cumbersome paperwork-intensive process. Criminals can even use leaked healthcare data for access to medical care in the victim’s name or to conduct corporate extortion.”

The two impacted organizations were wise to offer the free year of monitoring, as the stolen information is exactly what criminals need for identity theft, and the thousands of patients put at risk by each breach are now potential victims.

photo credit: Confidential via photopin (license)