Data Breaches Reported by Refuah Health Center and Quantum Imaging Therapeutic Associates

Refuah Health Center located in New York has lately begun sending notifications to 260,740 patients regarding a security breach that happened about one year ago. Based on the April 29, 2022 notice on the healthcare company’s webpage, it recently found unauthorized access to its system took place from May 31, 2021 to June 1, 2021. Upon being aware of the breach, the health center started an investigation to find out the nature and extent of the cyberattack, and a thorough review was then performed on all files that were possibly accessed.

Refuah Health Center stated it found out on March 2, 2022, that the attackers had exfiltrated a number of files from its network that included “a limited amount” of patients’ protected health information (PHI), which include names and at least one of these data types: driver’s license numbers, state ID numbers, birth dates, Social Security numbers, bank/financial account data, debit/credit card details, healthcare treatment/diagnosis details, Medicaid/Medicare numbers, patient account numbers, medical record numbers, and/or health insurance policy numbers. The health center began sending notification letters to affected people on April 29, 2022 and offered free credit monitoring services to persons whose Social Security numbers were probably exposed.

Although Refuah Health Center didn’t make known more data concerning the character of the attack, databreaches.net stated that the attack seems to have been performed by the Lorenz ransomware group, which included Refuah Health Center to its listing of victims on its data leak website on June 11, 2021, though that entry is already deleted.

Quantum Imaging Therapeutic Associates Patients’ PHI Compromised

Specialized diagnostic radiology services provider Quantum Imaging Therapeutic Associates based in Lewisberry, PA just sent breach notification letters to patients telling them about the compromise of their PHI. The data security breach was discovered and obstructed on October 7, 2021.

During the time of giving notification letters, there was no proof received that shows the viewing or theft of any patient information by the attackers, even though it wasn’t possible to exclude the probability. The breached areas of its system comprised patient information like names, dates of birth, addresses, Social Security numbers, and data associated with the radiology services given.

After preventing the attack, Quantum commenced an investigation with the assistance of third-party IT professionals, and has now analyzed its network setting and made enhancements to security. Quantum will additionally be tracking the threat landscape carefully and will take proactive steps to deal with new threats. Impacted people have been given complimentary identity theft protection services.

The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is not clear how many persons were impacted.

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.