Data Breaches Announced by University of Maryland Faculty Physicians and Highpoint Foot & Ankle Center

A phishing attack on the University of Maryland Faculty Physicians, Inc. (FPI) potentially permitted unauthorized people to obtain access to the protected health information (PHI) of the University of Maryland Medical Center (UMMC) patients.

FPI, which is a physician practice group composed of faculty members from the University of Maryland School of Medicine, offers support services to doctors and personnel at UMMC facilities.

Upon learning about the unauthorized email account access, FPI secured the email account and started a thorough investigation to ascertain the nature and magnitude of the breach. On May 26, 2020, FPI affirmed that an unauthorized individual obtained access to the account comprising the PHI of 33,896 patients from February 6, 2020 to February 11, 2020.

The types of data contained in the email account differed from one patient to another and might have included these data elements in combination with patient names: Birthdate, medical record number, and clinical data correlated to the treatment acquired at a UMMC facility or from an FPI-affiliated doctor. A few Social Security numbers were likewise identified in email messages and file attachments. There’s no proof found hinting that the attacker accessed or acquired patient information.

FPI and UMMC have carried out an assessment of policies and procedures and took action to strengthen email security in order to avoid further breaches in the future.

25,554 Patient Data of Highpoint Foot & Ankle Center Potentially Exposed

Highpoint Foot & Ankle Center based in Chalfont, PA uncovered that an unauthorized person carried out a remote access attack and obtained access to its network comprising 25,554 patient files. The healthcare provider discovered the data breach on May 20, 2020 and took immediate action to stop further unauthorized access to the system.

A prompt internal investigation done showed that the unauthorized person accessed patient data that comprised patient names, birth dates, addresses, telephone numbers, diagnosis and treatment data, and Social Security numbers. In spite of the verified unauthorized access by the hacker, there is no proof identified that showed the access or copying of patient data. There is likewise no report filed indicating the misuse of patient information.

Highpoint Foot & Ankle Center has put in place extra precautions to avoid more security breaches and has given the impacted patients free membership to credit monitoring and identity theft protection services via MyIDCare.