Data Breaches Reported by Smile Brands Ransomware Attack , Arcare and Onehome Health Solutions

Smile Brands based in Irvine, CA provides support services for dental offices. It recently presented an update on the number of people affected by a ransomware attack that was identified on April 24, 2021. The attackers acquired access to areas of its network on April 23, 2021, that kept files that contained the protected health information (PHI) of individuals, including names, telephone numbers, addresses, birth dates, Social Security numbers, financial data, government-issued ID numbers, and health information.

The breach report was initially submitted to the HHS’ Office for Civil Rights last June 2021 as having 1,200 victims, but the breach report was afterward corrected to state as many as 199,683 persons were impacted. Nonetheless, in the most recent notification to the Maine attorney general, the breach was reported as impacting around 2,592,494 individuals. The preliminary notice to the Maine attorney general was sent on October 8, 2021.

Smile Brands stated that affected persons were provided a complimentary 12-month membership to a credit tracking service, which involves identity theft assistance services and coverage of a $1 million identity theft insurance policy.

Malware Possibly Permitted Hackers Access ArCare Patient Information

Arcare, a firm providing primary care and behavioral health services within Kentucky, Arkansas, and Mississippi, has reported that patient information was possibly accessed by unauthorized people in a cyberattack that was identified on February 24, 2022. Because of the malware found on its system, there was a temporary disruption of its services. ArCare took immediate action to stop continuing unauthorized access and launched an investigation to find out the nature and scope of the incident.

The investigation affirmed on March 14, 2022, that the hackers may have accessed sensitive data from January 18, 2022 to February 24, 2022. An analysis of the impacted records was done on April 4, 2022, and established they included names, driver’s license or state ID numbers, Social Security numbers, dates of birth, financial account details, medical treatment data, prescription details, medical diagnosis or condition details, and medical insurance information.

Although data was exposed, there was no evidence found that suggests actual or attempted misuse of patient information. ARcare mentioned it has revised its policies and procedures associated with data protection and security and mailed notification letters to affected persons on April 25, 0222.

The incident is not yet posted on the HHS’ Office for Civil Rights breach portal therefore it is currently uncertain how many people were impacted.

Theft of Unencrypted Laptops from the Home of Onehome Health Solutions Employee

Two unencrypted laptop computers were stolen from the house of a Onehome Health Solutions employee. The healthcare provider based in Miramar, FL discovered the theft on March 3, 2021 and reported the incident to authorities.

A forensic investigation confirmed that the laptop computers stored the PHI of approximately 15,401 patients, such as names, addresses, telephone numbers, health data, medical insurance data, and the last four numbers of Social Security numbers.

Onehome stated all impacted persons were informed regarding the compromise of their data and free identity theft protection services were provided to people who had their Social Security numbers partially exposed.