A ransomware attack took place, on November 5, 2019, on the Cancer Center of Hawaii in Oahu. The attack meant that the Cancer Center to close down its network servers, which meant it was temporarily stopped from providing radiation therapy to clients at Pali Momi Medical Center and St. Francis’ hospital in Liliha.
While patient services suffered some disruption, no patient information is thought to have been accessed by the hackers. The forensic investigation into the breach is current but all data stored on its radiology machines has been rescued and its network is now fully operational.
It is not known for how long its network was down and no details have been released so far on the types of patient information that may have been obtained.
The Cancer Center has made the breach known to the FBI about the breach and will report the incident to appropriate authorities, if the forensic investigators confirm that patient data may have been obtained.
The breach was restricted to to the Cancer Center’s systems. Pali Momi Medical Center and St. Francis’ hospital were no impacted by the attack as their patient data and systems are isolated from the Cancer Center.
Zuckerberg San Francisco General Hospital Alerts Patients to Inadequate Disposal Incident
1,174 patients of Zuckerberg San Francisco General Hospital have been contacted to advise them that meal tickets containing a limited amount of their protected health information have been disposed of in an improper fashion.
The meal tickets included patients’ full names, their bed/unit in the hospital, birth month, dietary data, and the menu they received. The tickets should have been destroyed of in confidential waste bins but were accidentally disposed of with normal trash.
The breach was due to an employee being not conscious that the meal tickets needed to be sent for shredded. The San Francisco Department of Health became aware of the improper disposal incident on November 15, 2019. The employee had been disposing of the meal tickets in normal trash bins between June 18 and November 4. The employee has since been made aware of the correct processes for the termination of sensitive data.