The Service Coordination Inc. breach noted in the previous post also affected another Maryland agency, it seems. Steve Fermier reports for WBAL:
State health officials say a company that serves Maryland residents with developmental disabilities has sent letters notifying them that their personal health information might have been compromised.
The Department of Health and Mental Hygiene says hackers hit Service Coordination Incorporated of Frederick, which provides case management services to nearly 14,000 Maryland residents.
SCI,in a letter provided to WBAL News, indicates that its computers were hacked between October 20th and October 30th and that access was gained to confidential information.
That potentially includes names, social security numbers, medical assistance numbers, and other vital information, some shared with the Maryland Developmental Disabilities Administration.
Read more on WBAL.
It would be beneficial to know how the information was hacked. Whether it was through file server access or network breaches or perhaps offsite data storage. This would allow discussions of what to do about preventing further attacks at other healthcare organizations. Does anyone have any feedback?
That’s generally the case – that more transparency and sharing of attacks would be helpful. I doubt we’ll get any disclosures at this point if a criminal prosecution is pending.