Data Breaches Reported by Alameda Health System, AON, and Capsule Pharmacy

Alameda Health System based in California, Capsule pharmacy located in New York, and Aon PLC based in Illinois recently reported data breaches that affected a total of 56,290 people.

90,000 Alameda Health System Patients Notified About Data Breach

Alameda Health System located in Oakland, CA has lately submitted a data breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that approximately 90,000 individuals were impacted. There are limited details released so far about the nature of the breach. Alameda Health System stated that there was suspicious activity detected in some employees’ email accounts. The subsequent investigation confirmed that an unauthorized third party accessed several employee email accounts.

The analysis of those email accounts affirmed they included the protected health information (PHI) of patients. However, it is uncertain how much patient information was compromised. According to Alameda Health System, there is no evidence found that suggests the viewing or removal of any data in the accounts. The provider will send the breach notification letters to affected persons shortly and will implement measures to enhance security and avert harm to patients.

27,486 Individuals Affected by Capsule Pharmacy Breach

A New York digital pharmacy Capsule Pharmacy has started sending notifications to 27,486 people that some of their PHI was exposed in a recent cyberattack. Based on the breach notification given to the California Attorney General, unauthorized persons acquired access to a number of Capsule accounts on April 5, 2022.

The pharmacy discovered the security breach on the same day and performed a password reset on all impacted accounts. A third-party digital forensics company assisted with the investigation and confirmed that the following types of data were potentially exposed: demographic details including names, phone numbers, addresses, email addresses, sex, and birthdates, health records such as medical ailments and prescribed medicines, past order log, insurance data, chat messages to and from Capsule agents, and credit card last 4 digits numbers and expiry dates.

Capsule said more security steps are being applied. Although a password reset was done on all affected accounts, Capsule is advising users to set different passwords for their different accounts. Be sure that the passwords are complex or passphrases that are not simple to guess, and do not use previous passwords again. This indicates the security breach was probably a password spraying attack.

PHI of More Than 28,700 People Possibly Compromised in Aon PLC Cyberattack

Business associate Aon PLC based in Chicago, IL provides financial risk-mitigation products, such as insurance and medical insurance plans. The company lately announced that it suffered a cyberattack. AON PLC discovered the security breach on February 25, 2022, and the forensic investigation affirmed that an unauthorized third party obtained access to selected Aon systems at different times from December 29, 2020, to February 26, 2022, and that some documents comprising people’s PHI were taken from its systems.

Aon stated it took steps to validate that the stolen information is no longer with the third party. There are no signs that the extracted data was further copied, stored, or shared. There is no rationale to think that any data was or will be misused. The impacted information only comprised names, driver’s license numbers, Social Security numbers, and, for a few people, benefit enrolment data. Aon mentioned it sent the incident report to the Federal Bureau of Investigation and other law enforcement authorities, and it has taken steps to further improve security.