Data Breaches at the American College of Emergency Physicians, VEP Healthcare and Epilepsy Florida

The American College of Emergency Physicians (ACEP) has begun informing selected members about the unauthorized access of some of their personal information that was stored on a server.

Besides giving professional organizational services to its members, ACEP provides management services to organizations including Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Foundation (EMF), and the Emergency Medicine Residents’ Association (EMRA). The breach affected data associated with those companies. Those who purchased from or donated to EMF, SEMPA, or EMRA were impacted by the breach.

ACEP detected unusual activity in its systems on September 7, 2020. The compromised server contained the login information for its SQL database servers, which also stored members’ data. Although there is no evidence that indicates the use of the credentials to access the databases, it’s not possible to make sure there’s no unauthorized access. The details covering April 8, 2020 to September 21, 2020 were exposed.

There were varying compromised records from individual to individual. Aside from names, sensitive data like Social Security numbers and financial information were compromised.

The breached server has been recovered, passwords altered, and more technical security steps have now been applied. ACEP offered 12 months of credit monitoring services to affected persons.

VEP Healthcare Discovers Unauthorized Access to Multiple Email Accounts

VEP Healthcare based in Portland, OR found out that unauthorized individuals accessed several employee email accounts after employees responded to phishing emails and shared their login information. The provider discovered the email security incident on March 11, 2021. The investigators of the breach stated that the impacted email accounts were accessed from November 15, 2019 to January 20, 2020. It is still uncertain precisely what data the compromised accounts contained.

Although the hackers accessed the email accounts, there is no proof that suggests the access or theft of any protected health information. Nonetheless, as a safety precaution, VEP Healthcare offered the affected people a complimentary 12-month membership to the IDX identify theft protection service and a $1 million identity theft insurance coverage.

Since the incident, VEP healthcare has improved email security, integrated 2-factor authentication on email accounts, has altered its policies and procedures, and offered more security awareness training to the workforce.

Epilepsy Florida Impacted by Blackbaud Data Breach

Epilepsy Florida has recently affirmed that it was impacted by the Blackbaud Inc. data breach. The breach happened in May 2020 and the healthcare provider sent notifications to affected clients last July 2020.

In a substitute breach notice posted in March 30, 2021, Epilepsy Florida stated that it began investigating the breach to know what information were exposed and, after asking for more data from Blackbaud, it was mentioned that the breach only included the full names of 1,832 persons. No other details appear to have been compromised.