Data Breach Reports Sent by New Jersey Brain and Spine, Dialyze Direct, and Highmark Inc

New Jersey Brain and Spine (NJBS) has lately reported it encountered a cyberattack on or about November 16, 2021, that encrypted information on its system. NJBS stated it quickly took action to protect its network and had a computer forensic company look into the security breach. Although no proof was discovered that indicates there was any improper use of patient information due to the attack, the forensics agency mentioned the attacker might have viewed files that contain patient records.

A third party vendor conducted an evaluation of all files on its network that was possibly accessed, and although the data mining procedure is in progress, it was affirmed that the files comprised data such as names, email addresses, physical addresses, birth dates, phone numbers, social security numbers, driver’s license numbers or other ID numbers, financial account details, credit or debit card data, and health details. Notification letters had been mailed to impacted people on March 10, 2022.

NJBS stated that right after the breach, a number of steps were done to better safeguard patient information, such as using two-factor authentication, migrating patient information to a third-party hosted cloud-based system, and setting up a new server. NJBS has additionally used an ongoing monitoring response solution that monitors user activity, services, and ports, and synchronizes logging.

The breach report was sent to the HHS’ Office for Civil Rights revealing that approximately 92,453 persons were affected.

Highmark Inc. Patients Impacted by Breach at Printing and Mailing Provider

Highmark Inc., a non-profit healthcare firm and Integrated Delivery Network located in Pittsburgh, PA, has just announced that certain HIPAA-protected records were compromised in a data breach at Quantum Group. Webb Mason offers marketing services to Highmark and uses the printing and mailing vendor, Quantum Group.

Webb Mason gave Quantum Group access to patient information in 2017 to help with marketing projects for Highmark, and that data was likely accessed by unauthorized people. Highmark emphasized that its own IT solutions were not exposed.

Highmark said the breach impacted around 67,147 persons, who were provided free online identity monitoring services for 12 months.

Dialyze Direct Notifies Patients Regarding PHI Breach in Cyberattack

Dialyze Direct, a provider of kidney care services based in Neptune City, NJ, has experienced a data breach that has impacted about 14,203 patients. Based on a March 10, 2022 data breach notification, Dialyze Direct mentioned it found out on February 14, 2022, that an unauthorized person got access to a worker email account from January 21, 2021 to March 4, 2021.

A thorough evaluation of the email account established it included patients’ protected health information (PHI) like names, dates of birth, Social Security numbers, government ID numbers, financial account data, payment card details, and medical data that likely includes financial identification numbers, medical diagnostic and treatment information, and/or medical insurance plan details.

Notification letters were delivered to affected persons. People whose Social Security numbers were possibly exposed were given complimentary credit monitoring services. Dialyze Direct stated it has identified no information that indicates the misuse of any patient data.