Oregon Healthcare Provider Suffers Employee Email Data Breach

  • By Steven
  • Published: Dec 13, 2023
  • Last Updated: Dec 14, 2023

Oregon Healthcare Data Breach

In Oregon, the Neuromusculoskeletal Center of the Cascades and Cascade Surgicenter collectively are “The Center.” The professionals that work there are highly trained doctors from many fields, including physiatry, occupational medicine, neurosurgical, and orthopedic care. The Center serves central Oregon at three stand-alone clinics and rural treatment at six shared clinics. Many Oregonians may receive a letter from The Center in the upcoming weeks—they’ve had a significant patient data breach.

How Did the Attack Occur? 

There is little public knowledge about the event or how the assailants made it possible; according to the Notice of Data Incident published on The Center’s website, the event stemmed from employee emails. Purportedly, an unauthorized party accessed multiple employee email accounts, and those accounts contained some patient information. How the assailants accessed the accounts is unclear, as there is no indication of human error or malicious thieving. 

What Information Was Viewed or Stolen? 

The data accessed in this event will have significant consequences for its owners. The information differs between individuals, and not all elements may have exposures in the event; the exposures include full names, birthdays, Social Security Numbers, addresses, phone numbers, email addresses, driver’s license and state ID numbers, financial account information including account numbers, some routing numbers, the financial institution’s name, plus credit/debit card information, and medical information including diagnosis/treatment details, provider name, prescription information, medical record numbers, Medicare or Medicaid ID numbers, specific health insurance information, treatment costs, and digital signatures. Those with data exposed in this event must take action to protect themselves and their future.

How Did the Neuromusculoskeletal Center of the Cascades Admit to the Breach? 

According to the breach notice, the unauthorized actor accessed the employee email accounts between October 2nd and 3rd, 2023. On October 3rd, Center officials noticed suspicious activity within an email, pushing them to launch investigations. On or around November 21st, they completed the review and began to notify the necessary parties. On or around December 1st, The Center published its website notice; this same day, they submitted a breach filing to the Department of Health and Human Services. On December 12th, their filing appeared on the DHHS website. 

What Will Become of the Stolen Information? 

It’s challenging, if not impossible, to determine what will happen to the accessed information. However, because the event was not ransomware, the assailants may sell or misuse the data to generate a profit. On the dark web, criminals can sell records in single or bulk transactions, with costs ranging up to hundreds. Conversely, if the bad actors seek further system vulnerabilities, they may misuse the data in impersonation plots. Most likely, either the threat actors or their associates will use the information in fraudulent events; this may put data owners in the crosshairs of the law. 

What Should Affected Parties Do in the Aftermath of the Breach? 

First, those impacted by this breach should secure their accounts. They should update and change their passwords to complex, multi-symboled passcodes, preferably maintained within a password generator. In addition, those who can change the information associated with them should consider doing so; in cases of financial exposures, consider opening new accounts with new numbers and cards. 
However, those with unchangeable elements should invest in monitoring services and consistently check their accounts. Particularly in medical information exposures, they should closely review all statements from their providers and ensure the services rendered are correct. Although this event happened in October, victims still have time to protect themselves and their futures.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What You Need to Know about the Data Breach MC2 Data

What You Need to Know about the Data Breach MC2 Data

Founded in 2018, MC2 Data is based in Florida and specializes in background check services. MC2 aggregates data from several records to provide background check services to landlords, employers, and other organizations.

What You Need to Know about the Delta Dental Data Breach

What You Need to Know about the Delta Dental Data Breach

Delta Dental is a dental insurance provider serving over 90 million Americans. It offers coverage in all 50 states, Puerto Rico, and Washington, D.C. The company was established in 1966 in California as part of the Delta Dental Plans Association.

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close