Data Breaches Reported by NYC Health + Hospitals, Polsinelli PC, Hawaiian Eye Center, and The Elizabeth Hospice

NYC Health + Hospitals Warns Patients Concerning Loss of Device With PHI

NYC Health + Hospitals reports a faulty hard drive that stored the protected health information (PHI) of 2,174 patients was found to be gone from a visual field testing device situated at its NYC Health + Hospitals/Woodhull facility in Brooklyn, NY. Since the drive can’t be located it was not possible to confirm if the records on the device could be accessed, nevertheless, it was stated that the device comprised patients’ names, birth dates, visual field test data, and medical record numbers.

As a result of the breach, NYC Health + Hospitals has re-trained employees on its policy for the right chain of custody for devices comprising PHI when those units are taken out of service. Moreover, a new policy was applied that calls for PHI to be taken from visual testing devices consistently. The training was additionally enhanced to ensure all employees are aware of the need to promptly notify officials about potential breaches of PHI.

Unauthorized System Access Discovered by Missouri Law Firm

Law company Polsinelli PC based in Kansas City, MO, which offers hospitals corporate legal services, states that unauthorized individuals viewed files that had patient records on September 9, 2022, from two locations. A third-party cybersecurity firm investigated the breach and confirmed that the breach did not affect its network and main document repository; nonetheless, the files that were accessed included some patient data, such as names, addresses, birth dates, health insurance details, patient account numbers, medical record numbers, very limited clinical data, and Social Security numbers. St. Luke’s Health Brazosport patients are found to have been affected.

Individuals whose Social Security numbers were impacted got offers of credit monitoring and identity theft protection services. Nevertheless, the law agency believes that no compromised information will be utilized for identity theft or fraud. The HHS Office for Civil Rights already received the breach report, which indicated that 1,220 persons were affected.

Patient Information Exposed Due to Hawaiian Eye Center Cyberattack

Hawaiian Eye Center located in Wahiawa, HI recently began informing a number of patients that unauthorized individuals accessed some of their PHI that was saved on a server. It was discovered on November 2, 2022 that the server was unresponsive. Upon investigation, it was confirmed that an unauthorized individual accessed the server and the network. The attackers also exfiltrated files from the system that contain patient data.

Those files included names, birth dates, addresses, email addresses, driver’s license numbers, Social Security numbers, medical record numbers, and medical insurance data. The eye center informed the impacted persons and offered them single-bureau credit monitoring services. It also engaged third-party cybersecurity professionals to perform an evaluation of its security procedures and systems and implemented appropriate upgrades to avoid more breaches later on.

It is presently uncertain how many persons were impacted.

Insider Data Breach at The Elizabeth Hospice

nonprofit hospice, The Elizabeth Hospice, manages facilities in Carlsbad, Escondido, Temecula, and San Diego, CA. It found out that an ex-employee was sending email messages from her email account at work to a private account when she was working at the hospice. An analysis of the email messages was finished on November 14, 2022. It confirmed that they included first and last names, admission and discharge dates, basic health data, and patient account numbers. The Elizabeth Hospice stated it did not know of any actual or attempted patient data misuse. Still, affected individuals were instructed to be wary and monitor unauthorized activity in their accounts and statements.

It is presently unknown how many people were impacted.