Healthcare Data Breaches Reported by Hampton-Newport News Community Services, Marywood Nursing Care Center, Health Alliance and Others

Marywood Nursing Care Center, Hampton-Newport News Community Services Board, J.D. Gilmour & Co, Health Alliance, Nabholz Construction, and United Regional Health Care System have submitted data breach reports lately.

Hampton-Newport News Community Services Board Ransomware Attack

Hampton-Newport News Community Services Board, a provider of behavioral health and intellectual and developmental disability services based in Virginia, has advised 44,312 people about the compromise of some of their protected health information (PHI) in a ransomware attack. Technical problems were encountered on November 12, 2023, and it was later confirmed that ransomware was the cause. Third-party cybersecurity specialists helped with the investigation and troubleshooting, and they established that the threat actors acquired access to its system on September 26, 2023.

All affected files were evaluated, which confirmed the exposure of patient data. The exposed information differed among the patients and might have contained names along with addresses, ZIP codes, Social Security numbers, driver’s license numbers, birth dates, clinical details such as diagnoses/conditions, laboratory results, prescription drugs or other treatment data, claims details, and insurance details. The Hampton-Newport News Community Services Board cannot determine whether the above information was viewed or stolen during the attack. The affected patients are being provided with credit monitoring and identity restoration services.

Marywood Nursing Care Center Impacts 6,178 People

Marian Village Corporation, also known as Marywood Nursing Care Center, based in Massachusetts, encountered a security breach that affected the PHI of 6,178 people. The breach notification provided to the Massachusetts Attorney General doesn’t say when the breach was discovered or when it happened, just that an unauthorized person got access to its system and possibly stole data that included names, addresses, and claims data. No other data was compromised in the cyberattack. The impacted persons were provided free access to Single Bureau Credit Report/Single Bureau Credit Score/Single Bureau Credit Monitoring services. Marywood stated it has deployed extra monitoring software and will continue reviewing and improving the security of its network.

Health Alliance Affected by Cyberattack

Health Alliance, located in Illinois, has reported the exposure of the PHI of 6,900 members in a data breach that occurred at a subcontractor of its business associate. Health Alliance hired the services of OnTrak, which hired Keenan as a subcontractor. On August 27, 2023, Keenan discovered the unauthorized access and disabled its network to contain the breach. According to the forensic investigation, an unauthorized third party acquired access to data containing health plan members’ information. Keenan informed Health Alliance of the breach on December 20, 2023, and provided a list of the impacted members on January 10, 2024.

Health Alliance subsequently analyzed the list, matched it to its members’ information, and sent the notification letters. Health Alliance stated that the following data was exposed in the incident: name, member number, address, birth date, health coverage details, and, in some instances, Social Security number. Keenan has provided the impacted patients with a membership to the Experian IdentityWorks℠ Credit 3B service for 24 months.

Nabholz Construction Cyberattack

Nabholz Construction, a provider of construction-related services in Arkansas, was impacted by the Cadence Bank data breach, which compromised the PHI of 5,326 members of its Corporation Employee Welfare Health Plan. Cadence Bank notified Nabholz on November 29, 2023, about the exposure of information in a cyberattack that took advantage of a zero-day vulnerability in Progress Software’s MOVEit Transfer solution. Progress Software released a patch to correct the vulnerability on May 31, 2023; nevertheless, Cadence Bank confirmed that the vulnerability was exploited from May 28 to May 31, 2023. The information compromised in the attack contained names, Social Security numbers, birth dates, addresses, medical data such as treatment data, provider names, and prescription drugs, and medical insurance data.

J.D. Gilmour & Co., Inc. Email Account Breach

Insurance agency J.D. Gilmour & Co., Inc., based in Glendale, CA, uncovered unauthorized access to its email environment on June 29, 2023. Independent cybersecurity professionals performed a forensic investigation of its email tenant, which confirmed the unauthorized access to one employee’s email account. The analysis of the email account confirmed on October 27, 2023, the breach of the PHI of 2,481 people. On December 21, 2023, J.D. Gilmour & Co. obtained authorization from the impacted client to send notification letters by mail. The impacted people were provided Single Bureau Credit Score/Single Bureau Credit Monitoring/Single Bureau Credit Report services for free.

United Regional Health Care System Hacking

United Regional Health Care System reported a hacking-related data breach to the HHS’ Office for Civil Rights. There were 36,900 patients affected. There is no announcement of a data breach on the website of the Wichita Falls, TX health system. However, the breach notice sent to the Texas Attorney General mentions that the breach happened on May 30, 2023, and involved names, dates of birth, medical data, and insurance details.

Data Breaches Reported by Sierra County, Advarra, Foursquare Healthcare, East River Medical Imaging and Hi-School Pharmacy

PHI Breach in Sierra County, CA Cyberattack

Sierra County in California encountered a “sophisticated cyberattack” on or about February 21, 2023. Upon discovery of the breach on March 5, 2023, Sierra County secured its systems to prevent further unauthorized access. Third-party cybersecurity specialists investigated the incident. According to the investigation, the attackers got access to areas of the network that included data like names, addresses, birth dates, email addresses, telephone numbers, driver’s license or state ID numbers, Social Security numbers, medical/prescription or medical insurance-related data, drug or alcohol testing results, debit or credit card numbers, biometric information, or financial account/routing numbers. No evidence was found of actual or attempted data misuse. The Department of Public Health and Department of Behavioral Health stated that the protected health information (PHI) of 2,463 persons was exposed and possibly stolen in the attack.

Advarra, Inc. Email Account Breach

Integrated research compliance solutions provider Advarra, Inc., based in Columbia, MD, detected unauthorized access to the email account of an employee on October 26, 2023. The account was deactivated right away. The forensic investigation confirmed that only one email account was affected by the breach, with the unauthorized access starting on October 25, 2023. The attacker stole data from the account including names and Social Security numbers. The breach report has been submitted to the Maine Attorney General, indicating that 1,782 individuals were affected. No evidence has been found of misuse of the stolen information; nevertheless, as a safety measure, impacted persons were provided free credit monitoring services for two years and are being urged to use those services.

Ransomware Attacks on Foursquare Healthcare and Hi-School Pharmacy

Foursquare Healthcare Ltd, based in Rockwall, TX, offers short-term rehabilitation, skilled nursing, and long-term nursing care facilities. It recently reported a ransomware attack that was discovered on September 27, 2023. The forensic investigation confirmed that the attackers had access to its system from September 27, 2023 to September 29, 2023, and stole several files that included employee and patient data. The data in the files differed from one person to another and included names together with at least one of the following: address, billing details, Social Security number, banking details, and clinical data concerning care given at its clinics.

The attack didn’t cause any material disruption to Foursquare’s care or services. No proof has been found of misuse of any of the stolen information for identity theft or scams. Foursquare stated it has received assurances that the stolen information was deleted. That typically, but not always, indicates that a ransom was paid. Foursquare stated it is convinced the incident is contained but will continue to monitor its systems for suspicious activity.

The breach report was recently submitted to the HHS’ Office for Civil Rights, indicating that the PHI of 10,890 patients was affected. Foursquare has provided two years of free credit monitoring and identity theft protection services to the impacted persons. Although assurances were given that the stolen information was deleted, Foursquare advises the impacted patients and workers to be vigilant against identity theft and fraud.

Hi-School Pharmacy Ransomware Attack

The drug store chain Hi-School Pharmacy, based in Vancouver, WA, has informed the Maine Attorney General of a data breach that has impacted 17,676 persons. Hi-School Pharmacy encountered a cyberattack on November 3, 2023, that triggered a network interruption. According to the forensic investigation, the attackers got access to its network, which held PHI such as names and Social Security numbers. Hi-School Pharmacy sent notification letters to the impacted persons on November 5, 2023, and offered them credit monitoring and identity theft protection services.

606,000 Patients Affected by East River Medical Imaging Cyberattack

East River Medical Imaging located in New York sent notification letters to 605,809 patients about the potential exposure or theft of some of their PHI in a cyberattack that was discovered on September 20, 2023. The company took the network offline quickly and started a forensic investigation to identify the nature and extent of the attack. The investigation confirmed there was unauthorized access to its system from August 31, 2023 to September 20, 2023, and in that period, files comprising patient information were accessed and stolen from its system.

The breached data differed from one person to another and could have contained names, contact details, Social Security numbers, insurance data, exam and/or procedure data, referring doctor names, and/or imaging results. Employee information was likewise compromised, such as names, contact details, financial account data, driver’s license numbers and/or Social Security numbers.

East River Medical Imaging stated it has improved its network tracking capabilities and will continue to evaluate and supplement its security settings. Notification letters were sent by mail to the impacted people on November 22, 2023. Those whose driver’s license numbers and/or Social Security numbers were affected were provided free credit monitoring services.

Cyberattack on Fred Hutchinson Cancer Center

The Fred Hutchinson Cancer Center, located in Seattle, WA, has reported that it discovered unauthorized network activity on its clinical system during the week of Thanksgiving. The ongoing investigation of the incident has not yet established whether patient data was compromised. The system was taken off the internet after 72 hours of discovering the security incident. The clinical system is still offline. The MyChart online patient website and its research system were not affected. Patient care is still being provided, and employees are working 24/7 to resolve the problem and bring systems back online. No time frame has been given for this process.

Some patients have said they received threatening email messages from the attackers. The emails stated that the information of 800,000 patients was stolen in the attack and that the stolen data will be released on the dark web if patients fail to pay to have their data removed. The letters demand a $50 payment to have the data deleted. The attackers issued individual ransom demands because the Fred Hutchinson Cancer Center declined to pay the ransom.

Other hospitals were attacked during Thanksgiving. A few hospitals managed by Ardent Health Services were impacted by a ransomware attack and were compelled to call off appointments and reroute ambulances.

Legacy Hospice, University of Miami Health and Live Oak Surgery Center Report Email Account Breaches

21,000 Legacy Hospice Patients Affected by Email Account Breach

Legacy Operating Company manages Legacy Hospice facilities in Arkansas, Alabama, Louisiana, Missouri, Mississippi, Oklahoma, and Tennessee. It reported that an unauthorized third party acquired access to some employee email accounts on February 11, 2022 and from April 7, 2022 to April 21, 2022. The investigation by third-party cybersecurity experts ended on November 7, 2022, confirming that protected health information (PHI) was found in the breached email accounts and might have been viewed or acquired.

The breached data contained names along with at least one of these data elements: Social Security numbers, taxpayer ID numbers, birth dates, dates of death, government ID numbers, driver’s license numbers, financial account data, credit or debit card details, passport numbers, dates of service, medical record numbers, names of provider, patient numbers, basic medical data, diagnostic/treatment data, surgical data, medicine details, and/or insurance details.

No reports have been received of any attempted or actual patient data misuse. The company sent notification letters by mail on December 23, 2022, and offered free credit monitoring services to those who had their Social Security numbers exposed.

Over 5,000 Live Oak Surgery Center Patients Affected by Email Account Breach

Live Oak Surgery Center based in Plano, Texas reported that unauthorized individuals accessed the email accounts of two employees from August 10, 2022 to September 27, 2022. The forensic investigation and analysis of the impacted email accounts ended on November 17, 2022. The data in the email accounts was confirmed to have included names, together with at least one of the following types of data: birth date, financial account data, payment card details, medical data, medical insurance data, passport number, driver’s license number, Social Security number, state ID number, and/or username/password. Live Oak Surgery Center did not receive any report of patient data misuse.

Additional email security procedures were put in place to avoid other email account breaches. The breach report was submitted to the HHS’ Office for Civil Rights indicating that 5,264 patients were affected.

University of Miami Health Patients Affected by Impermissible Disclosure of PHI Due to Personal Data Breach

University of Miami Health System (UHealth) just reported the potential compromise of the PHI of 973 patients due to a breach of an employee’s personal information. The employee involved fell prey to identity theft. The third party also stole the employee’s credentials for his/her work email account. An evaluation of the email account showed it included patients’ names and medical record numbers. The third party forwarded that information to its own email account. UHealth stated that no proof was found that suggests the compromise of Social Security numbers or financial data.

Data Breaches at CareFirst Administrators, Blakehurst and Legacy Health

CareFirst Administrators (CFA) has informed 14,538 people that they were affected by the phishing attack on Conifer, its revenue cycle management vendor. Conifer detected a security breach at the end of March, and the investigation confirmed that unauthorized individuals accessed a number of Microsoft 365 accounts from March 17 to March 22, 2022. CFA received notification about the security incident on June 23, 2022.

One of the breached email accounts contained the protected health information (PHI) of CFA members, such as names, dates of birth, addresses, medical insurance data, medical information, billing and claims details, and Social Security numbers.

Conifer stated it has implemented additional security measures to better secure its Microsoft 365 email environment and minimize the threat of future breaches.

Legacy Health Discovers Insider Breach

Legacy Health, based in Oregon, has just announced a breach that affected the PHI of 7,983 patients. Based on the provider’s substitute breach notice, the Privacy Office found out on July 25, 2022, that staff had stored files that contain patients’ PHI on external devices without authorization. The internal investigation confirmed that the staff had transmitted files that contain patient information to a private storage device through external drives and email.

The staff who accessed patient information were suspended while the investigation was carried out. In several interviews, the staff could not give a legitimate work reason for taking such actions. An analysis of the files showed they included patients’ names, dates of birth, dates of service, medical record numbers, provider names, medical insurance data, diagnosis and/or treatment data, and several Social Security numbers. Patients began receiving notifications on November 23, 2022.

Legacy Health doesn’t believe patient data was further exposed or misused; however, patients were instructed to keep track of their credit reports and account statements for indications of data misuse. It offered complimentary credit monitoring services to impacted patients. Legacy Health has reinforced workforce training about proper uses and disclosures of patient information.

Data Breach at Maryland Senior Living Facility

The senior living facility, Blakehurst in Towson, MD, recently reported the potential compromise of the personal data and PHI of present and previous workers and patients due to a cyberattack. On February 7, 2022, strange activity was discovered in its email environment. The forensic investigation confirmed a number of employee email accounts had been accessed without authorization. On August 4, 2022, Blakehurst affirmed that the compromised email accounts held patient information.

The evaluation of emails and file attachments was completed on September 20, 2022, and showed the potential compromise of the following information: names, birth dates, medical data, Social Security numbers, medical insurance data, financial account numbers, and driver’s license numbers. Impacted individuals were informed of the breach on December 6, 2022, and received offers of free credit monitoring and identity theft protection services with $1,000,000 identity theft insurance coverage. Blakehurst stated it took action to enhance the security of its email system to prevent similar breaches in the future.

Based on the HHS’ Office for Civil Rights breach website, there were around 1,047 persons impacted by the breach.

Email Account Breaches at CSI Laboratories and Trillium Health

Cytometry Specialists, Inc., dba CSI Laboratories located in Alpharetta, GA, has recently announced that an unauthorized individual accessed the email account of an employee and might have viewed or gotten the protected health information (PHI) of 244,850 patients. CSI Laboratories is a top cancer testing and diagnostics laboratory that assists pathologists, oncologists, and community hospitals across the U.S.

CSI Laboratories identified the email account breach on July 8, 2022, and quickly secured the account. The incident investigation shows that the purpose of the attack was to use the email account to conduct a business email compromise (BEC) attack and redirect CSI customer health care provider payments to an account managed by the hacker by posing as CSI using a fictitious email address. The breach was not meant to acquire patient information; nevertheless, the breach investigation revealed on July 15, 2022, that certain files that stored patient records were extracted from the employee’s mailbox.

The files were associated with invoices delivered to CSI health care provider customers and were probably taken to help the BEC scam. The files usually only included patient names and identifiers like patient numbers, though a number of files contained additional details like dates of birth and health insurance data. Therefore, the possibility of misuse of patient data is considered to be very low.

Due to the breach, CSI Laboratories took steps to improve the protection of its email environment, gave more training to employees on how to determine phishing attempts, and enhanced the checking of its network and email systems.

CSI Laboratories reported earlier this year that it had experienced a ransomware attack for which the Conti ransomware gang took credit. The PHI of 312,000 patients was compromised in that attack.

PHI of 3,200 Individuals Exposed at Trillium Health Email Account Breach

The healthcare company Trillium Health based in Rochester, NY has announced a data security incident that compromised the PHI of 3,191 patients. On or about August 1, 2022, Trillium Health identified suspicious activity in an employee’s email account. The provider took steps right away to protect the email account and launched an investigation to find out the nature and extent of the breach.

Trillium Health stated that the breach just affected one email account and that an unauthorized person got access to the inbox of the employee for a brief time period on July 26, 2022. In that time of access, the whole contents of the account could have been stolen. An analysis of the email messages and file attachments showed they held patient data including names, dates of birth, treatment data, medicines, diagnoses, and provider details. In some cases, more extensive data was possibly exposed.

Trillium Health stated it has put in place extra safety measures to stop further breaches of email accounts, which include multi-factor authentication and modification of its internal email configurations.

Data Breaches at Healthback Holdings, City of Newport, and Minuteman Senior Services

Healthback Holdings has begun informing 21,114 people about the potential access and theft of some of their protected health information (PHI) by unauthorized persons. The Oklahoma City home health provider detected strange activity inside its email account on June 1, 2022. A third-party cybersecurity agency helped investigate the incident. It was confirmed that an unauthorized third party accessed a few employee email accounts from October 5, 2021 to May 15, 2022, after employees responded to phishing emails.

The investigators can’t ascertain which email accounts, if any, were viewed, or if there was theft of any data in the accounts. Therefore, notification letters had been sent to all people whose PHI had been included in the impacted email accounts. The compromised data differed from person to person and might have contained names, medical insurance details, Social Security numbers, and clinical data.

Free credit monitoring and identity theft protection solutions are being offered to qualified individuals. Healthback Holdings has toughened its email security and additional training is given to staff members about detecting and avoiding phishing emails.

City of Newport in Rhode Island Hacking Incident

The City of Newport, RI recently submitted a breach report to the HHS’ Office for Civil Rights indicating that the PHI of 6,109 persons was affected. Strange network activity was identified within its system on June 9, 2022, and selected systems became inaccessible. The forensic investigation affirmed that the hackers had acquired access to its system on June 8, 2022, and extracted files that contain sensitive information from its systems.

An analysis of the affected files was done on June 12, 2022 and confirmed the inclusion of information of present and past employees as well as their spouses and/or dependents. The potentially compromised data included names, addresses, birth dates, financial account numbers employed for direct deposit, data associated with group health insurance, and Social Security numbers.

The City of Newport sent breach notification letters to impacted persons on July 22, 2022, and provided them with free memberships to identity monitoring services. The city also took steps to strengthen the security of the network.

Unauthorized Person Accessed the Minuteman Senior Services Email Account

Minuteman Senior Services based in Bedford, MA has identified that an unauthorized person acquired access to the email account of an employee and possibly viewed or acquired sensitive data in the account. The unauthorized access was discovered on June 1, 2022 and the forensic investigation confirmed that the account was accessed for under 24 hours.

Minuteman explained in a substitute breach notification issued on July 29, 2022 that the account included details like full names, addresses, dates of birth, sexuality, medical insurance data, diagnosis, and service utilization details. No proof of information theft or misuse had been found as of the issuance of notifications.

The breach report has been submitted to the HHS’ Office for Civil Rights indicating that approximately 4,000 persons were affected.

Breach of the PHI at Carolina Behavioral Health Alliance, ATC Healthcare and Community of Hope D.C.

Carolina Behavioral Health Alliance (CBHA), a managed behavioral health company based in Winston-Salem, NC, recently reported a ransomware attack. CBHA manages the behavioral health benefits for Wake Forest Baptist Medical Center and Wake Forest University.

On March 20, 2022, Carolina Behavioral Health Alliance discovered the attack that resulted in the deactivation of its computer systems. The forensic investigators confirmed that attackers got access to its systems from March 19 to March 20 and possibly viewed or acquired the sensitive information of 130,000 health plan members as well as their dependents. The breached information included names, sexuality, addresses, Social Security numbers, and health plan ID numbers.

Thus far, no report has been received of actual or attempted patient data misuse. CBHA stated it has put in place extra safety measures to better secure the information of health plan members in the future and has provided the impacted persons with membership to single bureau credit monitoring, credit score services, and credit reporting for 2 years.

ATC Healthcare Reports Email Account Breach

ATC Healthcare based in New York has just reported that unauthorized persons accessed the email accounts of selected employees and possibly viewed or acquired sensitive patient information. The company discovered the incident on December 22, 2021, because of suspicious activity inside its email account. The forensic investigation affirmed that unauthorized persons accessed the email accounts of a number of employees at different times from February 9, 2021 to December 22, 2021.

The impacted email accounts contained names, driver’s licenses, Social Security numbers, financial account details, usernames and passwords, biometric information, medical details, medical insurance data, electronic/digital signatures, employer-assigned ID numbers, and passport numbers.

ATC Healthcare stated it did not find any evidence that indicates access, extraction, or misuse of patient data. Notification letters had been mailed to all persons possibly impacted. It is presently not clear how many persons were affected by the data breach.

Employee Email Account Compromised at Community of Hope D.C.

Community of Hope D.C. (COHDC) recently reported that an unauthorized third party accessed the email account of a staff member and possibly viewed or acquired the protected health information (PHI) of patients. The breach was discovered because of the spam emails sent from the email account. The forensic investigation affirmed that the breach only affected one employee’s email account, which was compromised from January 27, 2022 to February 7, 2022.

The information kept in the account included names, driver’s license numbers, Social Security numbers, financial data, medical insurance details, and medical diagnostic data. The breach affected 645 persons who received free credit monitoring and identity theft protection services.

Multiple Email Accounts Breach at Covenant Care California, Grandview Medical Center and Bergen’s Promise

Covenant Care California, based in Aliso Viejo, an owner of skilled nursing facilities and a home health services provider in Nevada and California, has reported that an unauthorized third party acquired access to its email system and likely viewed or acquired electronic protected health information (ePHI). Suspicious activity was discovered in the email account of a staff member in February 2022, and the subsequent investigation confirmed that several employee email accounts were accessed from February 24 to March 22, 2022. The accounts had information associated with its home health services, offered under these brand names:

  • Elevate Health Group
  • Focus Health
  • Choice Home Health
  • RehabFocus Home Health
  • San Diego Home Health

The accounts review concluded on March 27, 2022, and revealed that the email accounts contained protected health information (PHI), including names, medical data, and medical insurance details. The birth date, driver’s license number, Social Security number, and/or other personal data of some affected persons were also compromised. Covenant Care stated that safety measures are being assessed and changes will be made to enhance security, for example, giving additional training to staff members on email security. Affected persons received free identity monitoring services.

Presently, it is uncertain how many persons were impacted.

Email Account Breach at Bergen’s Promise

Bergen’s Promise, the assigned Care Management Organization for Bergen County based in New Jersey, has just reported that a portion of its email system was compromised. On November 15, it discovered suspicious activity in the email account of an employee. The subsequent forensic investigation confirmed the compromise of six email accounts from November 15 to November 18, 2021.

Bergen’s Promise reported that security protocols were improved in response to the email account breach. Affected persons received credit monitoring and identity theft protection services. It is not known why issuing the breach notification letters took 7 months from the time the breach was discovered.

The breach report submitted to the HHS’ Office for Civil Rights indicated that 6,948 persons were affected.

Theft of ER Activity Logs from Grandview Medical Center

Grandview Medical Center, located in Birmingham, AL, has begun sending notifications to 1,126 persons about the theft of activity logs from its ER department. The stolen records contained PHI, but law enforcement recovered them.

Law enforcement contacted Grandview Medical Center on April 12, 2022 to inform it about the logs, which were discovered in a residential apartment on April 4, 2022. The logs recorded patient visits from February 1 to February 12, 2022, and contained data like name, birth date, account number, medical record number, and treatment details such as reason for consultation, diagnosis, acuity, arrival mode and discharge disposition, and date/time of service.

Grandview Medical Center stated that law enforcement is currently investigating the incident. At this time, it is unknown what the individual who stole the records did with the information; however, it is likely that the records were exposed to other persons. As a safety measure, the affected persons received credit monitoring services.

The medical center stated it offers regular privacy and confidentiality instruction to workers and stresses why safeguarding patient data is important.

Kaiser Permanente Email System Breach Results in PHI Exposure of 70,000 People

Kaiser Permanente, one of the United States’ biggest nonprofit health plan and healthcare companies, recently reported an email security breach. Although the company provides medical services to over 12.5 million individuals in 8 states and D.C., only about 70,000 members of the Kaiser Foundation Health Plan of Washington were affected by the breach.

Kaiser Permanente mentioned that it became aware of the email security incident on April 5, 2022. It was confirmed that an unauthorized party accessed the email account of one employee. The company took immediate action to protect the account and block unauthorized access. Kaiser Permanente stated that it shut down the account and was able to secure it in just hours.

An investigation was started to find out the nature and extent of the email breach, which confirmed that only one account had been affected. Nevertheless, that account included email messages and file attachments containing the protected health information (PHI) of a number of health plan members. The types of data compromised in the breach were the first and last names of patients, medical record numbers, lab test results data, and dates of service. No financial data or Social Security numbers were compromised.

No proof was found that indicates the access or removal of any plan member data from its systems. Nonetheless, unauthorized PHI access or data theft can’t be ruled out. Up to now, no reports have been received concerning any actual or attempted improper use of ePHI.

Kaiser Permanente sent notifications to impacted persons on June 3, 2022, telling them to be cautious of possible fraud. The employee whose email account was subjected to unauthorized access received supplemental training about proper email handling. The company is also taking additional steps to ensure incidents like this do not happen again.

The breach is posted on the HHS’ Office for Civil Rights breach website indicating that 69,589 persons were affected.

Allaire Healthcare Group and Platinum Hospitalists Report Email Account Breaches

Allaire Healthcare Group and Platinum Hospitalists have recently announced that an unauthorized individual has acquired access to the email account of an employee and possibly viewed or stolen patient data.

PHI Possibly Compromised Due to Email Account Breach at Allaire Healthcare Group

Allaire Healthcare Group, based in Freehold, NJ, manages five residential healthcare facilities in the tri-state area that provide dementia care, respite care, and subacute care. It found out that an unauthorized person had obtained access to one worker’s email account. The group discovered the suspicious activity in the worker’s email account on November 24, 2021. It took immediate steps to keep the account and its email system safe and to stop further unauthorized access.

The forensic investigation revealed that the breach only affected a single email account, which the unauthorized individual accessed from November 10, 2021 to November 24, 2021. A programmatic and manual evaluation of the impacted email account was done on March 18, 2022. The analysis confirmed that the email account included the protected health information (PHI) of 13,148 people, such as first and last names, Allaire-issued unique client identifier numbers, driver’s license numbers, Social Security numbers, passport numbers, financial account numbers, payment card information, data concerning medical records, treatment/diagnosis details, prescription data, and/or health insurance details.

The forensic investigation did not find any evidence that suggests the access or downloading of any of that information. No reports have been received about any incidents of attempted or actual misuse of the information.

Platinum Hospitalists Uncovers Phishing Attack and Data Breach

Platinum Hospitalists has just begun sending notifications to 6,000 patients concerning the potential compromise of some of their PHI. On March 29, 2022, Platinum Hospitalists learned that an unauthorized person accessed an email account. The investigation confirmed that the employee’s credentials were stolen after the employee responded to a phishing email. The breach only affected one email account. A review of the account revealed that it contained individually identifiable protected health information.

Platinum Hospitalists stated that patient data is encrypted every time it is sent externally, including via email; however, the nature of the attack meant the data in the account might have been accessed and copied in a readable form. The investigation could not verify the specific records that were compromised; nevertheless, the following types of data were seen in the email account: patient names, dates of birth, dates of service, diagnosis and procedure codes, medical record numbers/patient account numbers, insurance identification numbers, and invoiced amounts. No addresses or Social Security numbers were breached.

The information is mostly about patients who were insured through Humana and got medical services from Platinum organizations at acute hospitals and other medical facilities in the area of Las Vegas between roughly October 2018 and March 2022.

Email Incidents Reported by CareOregon Advantage, Ultimate Care, and University Medical Center Southern Nevada

Three email incidents were recently reported by CareOregon Advantage, University Medical Center Southern Nevada, and Ultimate Care. A total of 38,485 individuals were affected.

PHI of CareOregon Advantage Members Exposed Due to Misdirected Email

CareOregon Advantage, the health insurance agency based in Portland, OR, has started sending notifications to 10,467 plan members regarding an impermissible disclosure of some of their protected health information (PHI). On January 27, 2022, an email with an attachment containing plan member data was erroneously sent to a contracted consultant.

The consultant quickly informed CareOregon Advantage concerning the mistake and permanently removed the email message and attachment. The attached file included information such as member names, ID numbers, Medicaid/Medicare numbers, and birth dates. CareOregon Advantage is convinced the possibility of misuse of member information is negligible.

CareOregon Advantage stated its investigation affirmed that it has the proper policies and procedures in place to deal with these types of situations and those policies and protocols are evaluated yearly. The worker who sent the email was given extra training.

15,788 Individuals Affected by Phishing Attack on Ultimate Care

Ultimate Care, the home care agency located in Brooklyn, NY, has just announced that unauthorized persons accessed some employee email accounts after employees responded to phishing emails. When the security breach was discovered, quick action was taken to secure its email accounts and a forensic investigation was started to determine the scope of the data breach.

The forensic investigation results showed that unauthorized individuals accessed the email accounts from April 7, 2021 to June 2, 2021. A manual analysis of all emails in the accounts established that they contained names, together with one or more of the following types of data: driver’s license numbers, passport numbers, Social Security numbers, dates of birth, financial account data, credit or debit card details, medical details, medical insurance policy data, and/or usernames and passwords.

Ultimate Care mentioned there were no reports received that indicate the improper use of any patient data; nevertheless, as a safety measure against identity theft and fraud, people whose Social Security numbers were exposed were provided complimentary one-year memberships with a credit monitoring provider. Notification letters were mailed to impacted persons on February 22, 2022.

The breach report was submitted to the HHS’ Office for Civil Rights indicating that 15,788 people were affected.

Business Associate Email Breach Impacted University Medical Center Southern Nevada Patients

University Medical Center Southern Nevada (UMC) has lately reported that the PHI of 12,230 patients was potentially compromised in a cyberattack at one of its business associates: the healthcare software vendor Advent Health Partners (AHA).

AHA found out about the email breach in early September 2021 and confirmed on December 2, 2021, that files containing the PHI of its healthcare firm customers were accessed. The files included last and first names, Social Security numbers, driver’s license information, birth dates, health insurance details, medical treatment data, and financial account details. AHA issued notification letters regarding the cyberattack on January 6, 2021. Advent Health Partners sent the breach report indicating that 1,383 persons were impacted; however, a few of its clients, which include UMC, reported the breach on their own.

This is UMC’s third reported data breach in the last 18 months. UMC encountered a REvil ransomware attack in June 2021 that allowed the theft of the PHI of 1.3 million people, and in March 2021, UMC announced an unauthorized access/disclosure incident affecting 1,833 people.

Houston Area Community Services, County of Kings, and NYU Langone Health Reported Data Breaches

Houston Area Community Services, County of Kings in California, and NYU Langone Health reported data breaches recently.

Avenue 360 Health and Wellness Reports Employee Email Accounts Breach

Houston Area Community Services, Inc., dba Avenue 360 Health and Wellness, found out an unauthorized individual has acquired access to the email accounts of a number of employees and may have viewed or gotten the protected health information (PHI) of 12,186 people.

Avenue 360 Health and Wellness stated its investigation confirmed the email accounts had been compromised between January 15, 2021 and April 2, 2021. A third-party vendor specializing in the evaluation of security incidents such as this was engaged to assist with the breach investigation.

The provider conducted a thorough evaluation of all emails and file attachments contained in the account. On November 9, 2021, Avenue 360 found out that the account included names, health insurance details, medical record numbers, birthdates, diagnoses, clinical and treatment information, and prescription data. The Social Security numbers and/or financial data of some persons were likewise exposed.

Avenue 360 did not receive any reports of actual or attempted misuse of patient data because of the email security breach. Affected individuals started receiving notification letters on January 5, 2022, and complimentary credit monitoring services were offered to people whose Social Security number was compromised. Since the breach, email security was enhanced with anti-spam solutions and multi-factor authentication.

Web Server Misconfiguration Led to the Exposure of COVID-19 Data of 16,590 People

County of Kings, which is a political subdivision of the State of California, has uncovered the misconfiguration of a public web server, which resulted in the breach of information regarding COVID-19 cases.

The California Department of Public Health and County healthcare providers gave the information to the County’s Public Health Department. The data included names, addresses, dates of birth, and COVID-19 related details. The misconfiguration was discovered on November 24, 2021, and the issue was completely fixed on December 6, 2021. The investigation confirmed that the misconfiguration happened on February 15, 2021.

County of Kings authorities stated they could not rule out unauthorized accessing of the information in that span of 10 months, though there are no indications that any of the breached data has been or will be misused.

The sending of notification letters to the 16,590 persons whose sensitive details were exposed began on January 21, 2022. The County is convinced that the limited nature of the compromised data indicates persons are not at risk and do not need to take any other actions. The County mentioned it is taking steps to make sure COVID-19 data is better secured in the future.

NYU Langone Health Informs 1,123 Patients Regarding Mismailing Incident

NYU Langone Health has started sending notifications to 1,123 patients regarding a vendor mailing error. On or about November 12, 2021, NYU Langone informed patients concerning a scheduled relocation of an oncology surgeon, who was based in Lake Success, NY.

A third-party vendor was employed to distribute the notification letters and reformatted the addresses, which caused a misalignment of patient names and addresses on the envelopes. Because of this, the letters were delivered to incorrect patients. The letters were addressed as “Dear Patient,” and there was no protected health information included.

NYU Langone has gotten assurances from its vendor that policies, procedures, and practices were evaluated and updated to avoid similar misdirected mailings down the road.

Phishing-Related PHI Breaches Reported at Welfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E and Signature Healthcare Brockton Hospital

Email accounts that contain the protected health information (PHI) of patients were exposed at Welfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E. and Signature Healthcare Brockton Hospital.

Welfare, Pension, and Annuity Funds of Local No. ONE, I.A.T.S.E

Welfare, Pension, and Annuity Funds of Local No. ONE, I.A.T.S.E has lately informed 20,579 persons regarding the exposure of sensitive information in an email security incident. The provider noticed suspicious activity in a worker’s email account on December 21, 2021 and secured the account immediately to block unauthorized access. A forensic investigation was performed to find out the nature and extent of the breach.

On October 25, 2021, the investigation confirmed that the email account had been accessed by an unauthorized person from May 11, 2021 to August 2, 2021, because the employee responded to a phishing email. After a manual audit of the emails and file attachments, it was confirmed that they included these types of data:

Names, birth dates, government ID numbers, financial account data, Social Security numbers, and medical data that possibly includes medical provider data, diagnostic and conditions details, treatment and medication data, medical ID number(s), and/or medical insurance plan details. I.A.T.S.E Local ONE stated it did not find any evidence of sensitive information misuse.

After the breach, I.A.T.S.E Local ONE sought the help of its IT managed services provider to enforce additional security procedures so as to strengthen email security to stop other data breaches.

Signature Healthcare Brockton Hospital

Signature Healthcare based in Massachusetts has lately reported a data breach that has impacted 9,798 patients of Brockton Hospital. Suspicious activity had been discovered in its email system on November 4, 2021. The investigators of the incident confirmed that unauthorized individuals had accessed the email accounts of a number of doctors between October 16, 2021 and November 4, 2021.

A prominent forensic security company investigated the breach and stated that its computer programs and network remained secure. Signature Healthcare mentioned that it seemed there was no access of email accounts nor exfiltration of patient data. There was also no proof that shows the misuse of any PHI; nonetheless, unauthorized PHI access cannot be excluded.

The breached email accounts held these types of data: First and last names, birthdates, sex, dates of appointments, test data, medical record numbers, diagnoses, and medical backgrounds. Signature Healthcare is going over its technical settings and processes and will take the appropriate steps to strengthen security to avoid other breaches later on.

Hospital, Pharmacy, and Dental Practice Report Hacking Incidents Impacting More Than 355,000 Patients

A hacker acquired access to the IT network of BioPlus Specialty Pharmacy Services, based in Altamonte Springs, FL, and accessed files containing sensitive patient data. The pharmacy detected the intrusion on November 11, 2021, and took immediate steps to remove the hacker from its system. A third-party computer forensics company helped BioPlus confirm that its IT environment was compromised on October 25, 2021, and that the attacker was removed from its systems on November 11.

The investigation affirmed that the hacker accessed files that contain the protected health information (PHI) of selected patients; however, it was not possible to rule out the possibility that the hacker viewed the PHI of all its patients. The decision was therefore taken to alert all 350,000 present and former patients concerning the breach.

The files accessed by the attacker contained patient names, dates of birth, addresses, medical record numbers, existing/past health plan member ID numbers, claims data, diagnoses, and/or prescription details. A number of patients likewise had their Social Security number exposed. The issuance of notification letters started on December 10, 2021. Individuals whose Social Security numbers were compromised were provided no-cost credit monitoring and identity protection services. BioPlus stated it has put in place extra safeguards to avoid similar breaches later on.

Capital Region Medical Center IT Systems Still Not Accessible a Week After Cyberattack

Capital Region Medical Center (CMRC) located in Jefferson City, MO, has confirmed it encountered a cyberattack that resulted in the shutdown of its network and phone systems. The cyberattack was discovered on December 17, 2021, and its online and telephone systems remain offline. The medical center is employing its downtime procedures and patients can visit, but a number of appointments were canceled. The cyberattack has additionally affected the pharmacies of the Capital Region.

The Capital Region information security staff is working diligently to bring its systems back online as quickly and securely as possible. The health and safety of its patients are regarded as very important, and treatment will be given to patients as expected. There are downtime protocols in place for physicians, nurses, and personnel to provide care in these types of situations, and its employees are dedicated to doing everything they can to minimize disruption and give uninterrupted care to its patients.

5,356 People Affected by Weddell Pediatric Dental Specialists Data Breach

Weddell Pediatric Dental Specialists based in Carmel, IN, has started sending notifications to 5,356 people that an unauthorized individual obtained access to a worker’s email account that included their protected health information (PHI).

The email account breach was noticed on July 23, 2021, and the account was promptly secured. Aided by third-party cybersecurity experts, the dental practice established that the breach only impacted one employee email account. The review and evaluation of emails and file attachments in the account were finished on October 27, 2021, and confirmed the account comprised patient names, together with one or more of the following data elements: date of birth, health diagnosis, medical treatment details, financial account data and in certain instances Social Security numbers.

Persons whose Social Security number had been exposed were offered complimentary credit monitoring services for 12 months. Weddell Pediatric Dental Specialists stated no information indicated the misuse of any patient information.

Southern Orthopaedic Associates and Eduro Healthcare Report Hacking Incidents

Southern Orthopaedic Associates (SOA) based in Paducah, KY has started sending notification letters to 106,910 patients regarding a breach that affected their protected health information (PHI).

SOA noticed unauthorized activity in the email account of an employee on or around July 8, 2021. The healthcare provider immediately took steps to secure the account. An investigation was begun to determine the nature and magnitude of the breach. With the help of a third-party computer forensics agency, SOA learned that a number of employee email accounts were compromised from June 24, 2021, to July 8, 2021; nevertheless, it cannot tell which, if any, email messages in the accounts were seen.

A thorough analysis was performed of all emails and file attachments in the breached accounts to find out whether or not they include any protected health information. The evaluation was finished on October 21, 2021, and affirmed that the accounts comprised patient names plus Social Security numbers.

SOA sent notification letters to the affected people starting on December 12, 2021. Complimentary one-year membership to credit monitoring services through Experian has been offered. Additional safeguards to enhance email security had been implemented. The workforce was given further security awareness training.

Eduro Healthcare Data Breach Impacts More Than 8,000 Patients

Eduro Healthcare in Salt Lake City, UT has informed 8,059 patients concerning a potential compromise of their PHI. In March 2021, the healthcare provider detected suspicious activity in its network and took immediate action to limit the security breach. The healthcare organization enforced its incident response plan, which allowed it to easily restore access to its system.

Eduro Healthcare stated that the quick action taken in response to the breach was believed to have prevented unauthorized persons from accessing and exfiltrating patient files; nonetheless, on August 24, 2021, Eduro Healthcare found out that certain patient data had been exfiltrated and published on a dark web data leak site.

A painstaking process then began to identify the people impacted and the types of information that were compromised. That process was finished on October 21, 2021. The exposed information included first and last names, dates of birth, provider name, date(s) of service, treatment data, health insurance information, and Social Security numbers.

Affected persons have been provided 12 months of free credit monitoring and identity restoration services with IDX and will be covered by a $1,000,000 identity theft insurance plan. Eduro Healthcare has put in place more security controls, performed a total audit of all accounts, strengthened password protocols, reconfigured its firewall, used multi-factor authentication on email accounts, and updated its system security practices and procedures.

Email Security Breaches At MultiPlan and Hawaii Independent Physicians Association

The medical payment billing service provider MultiPlan announced a breach of its email environment. On January 27, 2021, suspicious activity was seen in the email account of one employee. Action was quickly taken to end the unauthorized access, and the credentials for the worker’s email account were changed.

MultiPlan immediately started an investigation to determine the nature and extent of the breach, with support from forensics professionals. The investigation established that the primary objective of the attack was to redirect wire transfers from MultiPlan clients paying invoices. The attacker used the compromised email account to communicate with those clients concerning billing and to try to reroute payments to their own accounts.

Although the attackers didn’t appear to target protected health information (PHI), the breached email account was discovered to have the PHI of 214,956 people. That data might have been looked at or acquired by the attacker from December 23, 2020 to January 27, 2021.

The types of data contained in the account were full names, emails, physical addresses, birth dates, healthcare company names, medical record numbers, cost/date of medical services, claims identifiers, medical insurance ID numbers, Social Security numbers, group IDs, and member IDs.

MultiPlan has informed all impacted persons and will be paying for the cost of two years of credit monitoring. Extra protocols and procedures have already been put in place to avoid further email account breaches down the road.

Email Account Breach at Hawaii Independent Physicians Association

Hawaii Independent Physicians Association (HIPA) is sending notifications to 18,770 patients regarding a security breach that involves a subcontractor’s email account.

HIPA determined on February 4, 2021 that an unauthorized person obtained access to the email account. The covered entity promptly stopped external access to the account and asked all HIPA users to modify their login information for their site and email accounts as a safety measure. With the assistance of a third-party cybersecurity company, HIPA established the breach only affected one email account which had the protected health information (PHI) of patients of its physicians.

The compromised account contained these types of data: full names, home addresses, dates of birth, and details concerning the overall health condition of patients. No proof of unauthorized information access was found; however, the possibility that PHI was seen or obtained can’t be eliminated.

The cybersecurity agency looking into the breach made suggestions to enhance email protection and HIPA is now applying the recommended adjustments.

PHI Exposed in Email Incidents at Discovery Practice Management and One Medical

Discovery Practice Management Informs People Regarding June 2020 Email Breach

Discovery Practice Management, which provides administrative support services to the Authentic Recovery Center and Cliffside Malibu facilities located in California, has reported that unauthorized people acquired access to the email system it maintains for those services.

Suspicious email activity was discovered in the email environment on July 31, 2020. An investigation into the breach showed there were unauthorized sign-ins to personnel email accounts at the two facilities from June 22, 2020 to June 26, 2020.

The accounts were promptly secured and a third-party cybersecurity agency was engaged to investigate the incident; however, it could not be confirmed whether protected health information (PHI) in the accounts was accessed or exfiltrated.

The PHI possibly exposed included names, birth dates, addresses, medical record numbers, patient account numbers, medical insurance details, financial account/payment card data, driver’s license numbers, Social Security numbers, and clinical data such as diagnosis, treatment details, and medication details.

The company stated in its breach notice to the California Attorney General that it collaborated with both practices to verify the contact data for the 13,611 persons whose details were probably compromised. That process was completed on June 2, 2021. Persons impacted by the breach have now been informed and have been provided a free one-year membership to credit monitoring and identity theft protection services.

Discovery Practice Management is convinced the attack was not carried out to steal patient data; instead, it is believed to have been meant to reroute invoice payments. Steps have already been taken to enhance email security, and upgraded training has been given to the facilities’ employees to help them identify and avoid suspicious emails.

Email Addresses of Hundreds of One Medical Patients Got Compromised

An email error resulted in the compromise of the email addresses of numerous One Medical patients. The provider sent emails to patients requesting them to confirm their email addresses. The patients’ email addresses were placed in the ‘To’ field of the email rather than the ‘BCC’ field; therefore, it’s possible that all people who received the email could view all the email addresses.

Only the patients’ email addresses were compromised; however, the emails did identify the owner of an email address as a One Medical patient. A number of the persons who got the email tweeted a complaint. One person claimed that the email received had 981 visible email addresses.

One Medical released an announcement on Twitter in reply to the blunder. The company acknowledged the exposure of the recipients’ email addresses and apologized for the issue. The company also stated that the incident is being investigated and that there was no security breach of its systems. Proper measures have been implemented to avoid the same incident in the future.

Data Breaches at San Juan Regional Medical Center, Coastal Medical Group and Springfield Psychological

San Juan Regional Medical Center has recently sent notifications to tens of thousands of its patients concerning a security breach that happened in the fall of 2020. The medical center, based in Farmington, NM, found out that an unauthorized individual accessed its network on September 8, 2020. Immediate action was taken to prevent further unauthorized access, and an investigation was begun to determine the nature and magnitude of the breach.

The forensic investigation revealed the attacker exfiltrated data between September 7th and 8th. A manual evaluation of those files confirmed they included the protected health information (PHI) of 68,792 people. The types of information in the records varied from one patient to another and included names in combination with one or more of the following data elements:

Birth dates, driver’s license numbers, Social Security numbers, financial account numbers, passport data, health insurance details, diagnoses, treatment details, medical record numbers, and patient account numbers.

Although data theft was verified, no evidence has been found to suggest any of the stolen PHI was misused. Free credit monitoring services have been provided to people whose Social Security number was compromised. Steps have likewise been taken to secure its system and enhance internal processes to avoid even more security breaches.

Coastal Medical Group Reports Hacking and Data Theft

Gastroenterology and internal medicine specialist Coastal Medical Group based in Old Bridge, NJ has experienced a security breach in which patient information has possibly been compromised. The practice, which is shown as permanently closed, found out about the breach on April 21, 2021.

The investigation shows systems were initially compromised on March 25, 2021. Based on a statement released by the practice, incident response and recovery processes were quickly executed, and the practice worked immediately to evaluate the security of its systems and stop further unauthorized access.

The investigation affirmed that the attacker acquired files made up of protected health information, which included full names, residence addresses, dates of birth, other demographic and contact data, Social Security numbers, insurance details, diagnoses, and treatment data.

The practice has informed all affected patients through mail and has given complimentary credit monitoring and identity theft protection services. Steps have additionally been undertaken to protect its networks to stop any more breaches.

It is presently uncertain how many persons were impacted.

Email Error at Springfield Psychological

Springfield Psychological in Pennsylvania has advised certain present, former, and prospective patients regarding an email error that exposed email addresses. A routine marketing email was sent on June 9, 2020; however, rather than having the recipients’ email addresses hidden, the email was delivered in a way that made recipients’ email addresses visible to all recipients.

Apart from identifying the people as having received or considered receiving healthcare services from Springfield Psychological, the only data compromised were email addresses.

Springfield Psychological contacted the HHS’ Office for Civil Rights concerning the incident in late 2020 and on May 25, 2021, OCR informed Springfield Psychological that the event was a reportable breach according to HIPAA. Affected persons were then quickly informed.

PHI Breach at Five Rivers Health Centers and Cancer Centers of Southwest Oklahoma

Five Rivers Health Centers based in Ohio has informed 155,748 patients that an unauthorized person accessed some of their protected health information (PHI) stored in email accounts following a phishing attack.

It is not clear when Five Rivers Health Centers discovered the breach, but according to reports, after conducting a comprehensive forensic investigation into the cyberattack as well as a manual records review, it found out on March 31, 2021, that the compromised email accounts included patients’ personal and health data.

The forensic investigation confirmed that the email accounts were breached from April 1, 2020, to June 2, 2020. The healthcare provider sent notification letters to affected individuals on May 28, 2021, over a year after the first email account breach occurred.

The types of PHI identified in the emails and attachments differed from one patient to another and might have contained at least one of these data elements: name, address, birth date, patient account number, medical record number, diagnoses, treatment and/or clinical data, test result data, laboratory test results, provider name, treatment cost details, dates of service, prescription details, medical insurance data, and Medicare or Medicaid numbers.

The payment card numbers, financial account numbers, driver’s license numbers, Social Security numbers and/or state ID numbers of a few persons were likewise exposed. A one-year free membership to a credit monitoring service was offered to persons who had their Social Security numbers exposed.

After the attack, Five Rivers Health Centers reviewed and updated its guidelines and procedures, implemented 2-factor authentication, and provided employees with more training on cybersecurity.

8,000 Cancer Centers of Southwest Oklahoma Patients Affected by Breach

Cancer Centers of Southwest Oklahoma (CCSO) has found out about the potential compromise of the PHI of 8,000 patients in a cyberattack on one of its business associates. Elekta Inc. provides CCSO with a first-generation cloud-based storage system, which suffered an attack early this year.

Elekta employed third-party cybersecurity specialists to look into the security breach and confirmed the incident on April 28, 2021. Breached systems contained the PHI of CCSO patients. Although it wasn’t possible to know what data the attackers accessed or exfiltrated, Elekta came to the conclusion that all system data had been exposed and ought to be regarded as compromised. Elekta’s cloud-based storage system will remain offline until the forensic investigation concludes.

CCSO mentioned in its substitute breach notification letter that the information stored in the system and potentially accessed or stolen included names, Social Security numbers, addresses, birth dates, height, weight, clinical diagnosis, medical treatment information and consultation confirmations.

Elekta is providing free identity monitoring, fraud consultation, and identity theft restoration services to impacted persons.

Data Breaches at Manquen Vance, DNF Medical Centers and Peak Vista Community Health

Manquen Vance, a group health plan broker and consultancy firm based in Michigan that was previously known as Cornerstone Municipal Advisory Group, is informing 7,018 people regarding a potential compromise of their personal and health information (PHI).

The investigation began on November 16, 2020, after the company noticed suspicious activity in a worker’s email account. Manquen Vance confirmed that unauthorized individuals accessed the account from November 1 to 16. Only one email account had been compromised.

Although it is likely that emails and file attachments with sensitive information were viewed or copied, no conclusive evidence was found to indicate that this happened. The late issuance of breach notifications was because of the long process of examining each email in the account for sensitive data. That procedure was concluded on February 2, 2021, and ascertained that members’ names, Social Security numbers, and medical insurance information had potentially been breached. Since the security incident, Manquen Vance has taken steps to boost email security to prevent similar breaches from happening again.

DNF Medical Centers Terminates Employee for Rerouting Blood Samples to Unauthorized Laboratory

DNF Medical Centers located in Florida is sending notifications to 846 persons regarding a breach of their PHI. The healthcare provider discovered on February 18, 2021, that an employee was diverting the blood samples of patients to an unauthorized laboratory for screening, and not to LabCorp or Quest.

Patient data sheets were sent with the blood samples; the sheets included patient names, birth dates, addresses, phone numbers, healthcare provider name, and the last 4 digits of Social Security numbers. DNF Medical Centers stated that the lab performed medical tests as required and returned the results; nevertheless, because this was an unauthorized lab, DNF Medical Centers is worried about the integrity of the test results. Therefore, affected patients were informed and asked to do their blood tests again at zero cost.

An investigation of the incident was started, and the employee was interviewed and eventually fired. DNF Medical Centers believes no personal information was improperly used or further disclosed, and that the blood samples were provided to the laboratory so that the needed medical assessments could be performed, allowing the laboratory to bill patients’ health insurance companies for the lab tests.

PHI Breach in Peak Vista Community Health Robbery

On March 7, 2021, robbers broke into a facility of Peak Vista Community Health located in Colorado Springs and stole computer devices. On March 31, 2021, Peak Vista confirmed that two stolen computers held patient records with names, dates of birth, telephone numbers, health record numbers, prescription medication lists, and diagnosis data.

Peak Vista has reported the theft to law enforcement; however, the equipment has not been recovered. Though it is possible that the thieves accessed the data on the computers, no proof of attempted or actual misuse of patient data has been discovered. Peak Vista Community Health mentioned only a few of its patients were impacted and every one of them has already been advised via mail.