San Juan Regional Medical Center has recently sent notifications to tens of thousands of its patients concerning a security breach that happened in the fall of 2020. The medical center based in Farmington, NM found out that an unauthorized individual accessed its network on September 8, 2020. Immediate action was done to avoid further unauthorized access and an investigation was begun to know the nature and magnitude of the breach.
The forensic investigation revealed the attacker exfiltrated data between September 7th and 8th. A manual evaluation of those files confirmed they included the protected health information (PHI) of 68,792 people. The types of information in the records varied from one patient to another and included names in combination with one or more of the following data elements:
Birth dates, driver’s license numbers, Social Security numbers, financial account numbers, passport data, health insurance details, diagnoses, treatment details, medical record numbers, and patient account numbers.
Although data theft was verified, no evidence has been found to suggest any of the stolen PHI was misused. Free credit monitoring services have been provided to people whose Social Security number was compromised. Steps have likewise been taken to secure its system and enhance internal processes to avoid even more security breaches.
Coastal Medical Group Reports Hacking and Data Theft
Gastroenterology and internal medicine specialist Coastal Medical Group based in Old Bridge, NJ has experienced a security breach in which patient information has possibly been compromised. The practice, which is shown as permanently closed, found out about the breach on April 21, 2021.
The investigation shows systems were initially compromised on March 25, 2021. Based on a statement released by the practice, incident response and recovery processes were quickly executed, and the practice worked immediately to evaluate the security of its systems and stop further unauthorized access.
The investigation affirmed that the attacker acquired files made up of protected health information, which included full names, residence addresses, dates of birth, other demographic and contact data, Social Security numbers, insurance details, diagnoses, and treatment data.
The practice has informed all affected patients through mail and has given complimentary credit monitoring and identity theft protection services. Steps have additionally been undertaken to protect its networks to stop any more breaches.
It is presently uncertain how many persons were impacted.
Email Error at Springfield Psychological
Springfield Psychological in Pennsylvania has advised certain present, former, and prospective patients regarding an email error that exposed email addresses. A routine marketing email was sent on June 9, 2020; nonetheless, rather than having the recipients’ email addresses unseen, the email was delivered in a way that made recipients’ email addresses visible to all recipients.
Apart from determining the people as having received or considered receiving healthcare services from Springfield Psychological, the only data compromised were email addresses.
Springfield Psychological contacted the HHS’ Office for Civil Rights concerning the incident in late 2020 and on May 25, 2021, OCR informed Springfield Psychological that the event was a reportable breach according to HIPAA. Affected persons were then quickly informed.