Data Breaches at NorthWest Congenital Heart Care and Superior HealthPlan

NorthWest Congenital Heart Care based in Washington is notifying 1,166 patients concerning the potential breach of some of their protected health information (PHI) because of unauthorized access. On May 7, 2021, the office of a single NWCHC doctor was broken into by an unauthorized third party. An external hard drive utilized for backing up data was stolen. The provider reported the theft to law enforcement, however, the hard drive hasn’t been retrieved.

An analysis of the data backups showed they included patient data like names, birth dates, ages, medical and treatment details, dates and location of service, doctor names, services needed, procedures done, diagnosis codes, medical record numbers, diagnosis and treatment information, and, for one person, medical insurance details.

To minimize the risk of upcoming data breaches, NorthWest Congenital Heart Care is going to stop using external hard drives for backing up data.

Accellion Data Breach Affects Superior HealthPlan Members

2,781 members of Superior HealthPlan in Texas received notification about the compromise of a few of their PHI in the cyberattack on Accellion. The breach impacted the Accellion file transfer program, which was employed to send very big files that can’t be sent through email.

The attackers got access to the system from January 7 to January 20, 2021. On April 2, 2021, Superior HealthPlan found out the attackers could access and acquire files that contain names, addresses, birth dates, insurance ID numbers, and medical information including health condition and treatment details.

All impacted persons were provided free credit monitoring and identity theft protection services for one year. Superior HealthPlan is no longer using Accellion’s services. All information has been taken from Accellion’s systems, and file transfer procedures and tools are being evaluated and updated to avoid the same breaches later on.