Cyberattacks Suffered by First Choice Community Healthcare and Arlington Skin

First Choice Community Healthcare located in Albuquerque, NM, has begun informing a number of patients about the unauthorized access of a person to its network who possibly stole patient information. First Choice explained in a substitute breach notification that it discovered strange activity in its technological system on March 27, 2022. A third-party cybersecurity company was employed to perform a forensic investigation and find out the nature and extent of the breach. Although it wasn’t possible to validate whether the unauthorized person accessed or exfiltrated any files, the probability cannot be excluded.

An extensive analysis of the impacted files was finished on June 3, 2022, which affirmed the potential compromise of the following data: names, First Choice patient ID number, date of birth, Social Security numbers, diagnosis, clinical treatment data, prescription medications, dates of service, medical insurance details, patient account number, medical record number, and provider details. Impacted persons got informed concerning the breach through mail on August 1, 2022, and received free identity theft protection services via IDX.

The breach is not yet posted on the HHS’ Office for Civil Rights portal, therefore it is presently uncertain how many persons were impacted.

17,468 Arlington Skin Patients Informed About Electronic Medical Records Breach

Dr. Michelle A. Rivera, MD, also known as Arlington Skin in Virginia began informing 17,468 patients about the potential access to their protected health information (PHI) by unauthorized persons during a security breach involving Virtual Private Network Solutions (VPN Solutions), a business associate.

VPN Solutions handles the electronic medical records of Arlington Skin patients by using the Allscripts practice management services and electronic medical records system. The cyberattack was identified by VPN Solutions on or approximately October 31, 2021. According to the forensic investigation, the attack possibly affected the following data: names, addresses, birth dates, diagnostic and treatment data, medical insurance data, and Social Security numbers.

Arlington Skin began sending notification letters to impacted persons on July 8, 2022. There was no proof of data theft discovered however, as a safety measure, fraud support and remediation services were offered to impacted people via CyberScout.