Data Breaches at Healthback Holdings, City of Newport, and Minuteman Senior Services

Healthback Holdings has commenced informing 21,114 people about the potential access and theft of some of their protected health information (PHI) by unauthorized persons. The Oklahoma City home health provider detected strange activity inside its email account on June 1, 2022. A third-party cybersecurity agency helped investigate the incident. It was confirmed that an unauthorized third party accessed a few employee email accounts from October 5, 2021 to May 15, 2022 because of responding to phishing emails.

The investigators can’t ascertain which email accounts, if any, were viewed, or if there was theft of any data in the accounts. Therefore, notification letters had been sent to all people whose PHI had been included in the impacted email accounts. The compromised data differed from person to person and might have contained names, medical insurance details, Social Security numbers, and clinical data.

Free credit monitoring and identity theft protection solutions are being offered to qualified individuals. Healthback Holdings has toughened its email security and additional training is given to staff members about detecting and avoiding phishing emails.

City of Newport in Rhode Island Hacking Incident

The City of Newport, RI recently submitted a breach report to the HHS’ Office for Civil Rights indicating that the PHI of 6,109 persons was affected. Strange network activity was identified within its system on June 9, 2022, and selected systems became inaccessible. The forensic investigation affirmed that the hackers had acquired access to its system on June 8, 2022, and extracted files that contain sensitive information from its systems.

An analysis of the affected files was done on June 12, 2022 and confirmed the inclusion of information of present and past employees as well as their spouses and/or dependents. The potentially compromised data included names, addresses, birth dates, financial account numbers employed for direct deposit, data associated with group health insurance, and Social Security numbers.

The City of Newport sent breach notification letters to impacted persons on July 22, 2022 and provided free memberships to identity monitoring services to affected people. The company also took steps to strengthen the security of the network.

Unauthorized Person Accessed the Minuteman Senior Services Email Account

Minuteman Senior Services based in Bedford, MA has identified that an unauthorized person acquired access to the email account of an employee and possibly viewed or acquired sensitive data in the account. The unauthorized access was discovered on June 1, 2022 and the forensic investigation confirmed that the account was accessed for under 24 hours.

Minuteman explained in a substitute breach notification issued on July 29, 2022 that the account included details like full names, addresses, dates of birth, sexuality, medical insurance data, diagnosis, and service utilization details. No proof of information theft or misuse was found upon the issuance of notifications.

The breach report has been submitted to the HHS’ Office for Civil Rights indicating that approximately 4,000 persons were affected.