Data Breaches Reported by University Pediatric Dentistry, Eye Care Practices, OrthoNebraska, and Michigan Avenue Immediate Care

University Pediatric Dentistry based in Buffalo, NY, has begun informing 6,843 patients about the exposure of some of their protected health information (PHI) because of an email security incident.

The provider secured its email system right away after detecting the breach. Forensic specialists confirmed that an unauthorized third party accessed two email accounts from January 12, 2022 to January 19, 2022. According to University Pediatric Dentistry, it was discovered on April 25, 2022, that the compromised email messages and file attachments contained patient information, which was likely viewed or stolen.

The exposed data included patient names, contact data, birth dates, Social Security numbers, government ID numbers, driver’s license numbers, treatment and diagnosis details, names of providers, patient account numbers, medical record numbers, prescription details, dates of service and/or medical insurance data. The financial account data of some patients were also exposed.

People whose driver’s license numbers or Social Security numbers were exposed received free credit monitoring and identity theft protection services. University Pediatric Dentistry stated that technical security procedures will be put in place to safeguard and keep track of its email system.

Eye Care Leaders Data Breach Impacts Several More Eye Care Practices

The number of eye care centers affected by the data breach at Eye Care Leaders is still growing. Aloha Laser Vision in Hawaii, Mattax Neu Prater Eye Center in Missouri, and Sight Partners Physicians in Washington are among the latest known to be impacted. No less than 33 eye care companies have stated they were affected by the cyberattack and the data of more than 2.9 million people were potentially exposed.

Cyberattack Announced by Michigan Avenue Immediate Care

Michigan Avenue Immediate Care (MAIC) located in Chicago, IL, has just reported a hacking incident by which an unauthorized third-party gained access to its computer system and exfiltrated files that contain sensitive patient information. The cyberattack was identified on May 1, 2022. MAIC confirmed on May 12, 2022 that the files taken from its network included some patient data.

The types of records contained in the files varied from one person to another and may possibly include names, telephone numbers, addresses, dates of birth, Social Security numbers, driver’s license numbers, treatment details, and/or health insurance data. Affected persons were notified via mail and were given complimentary membership to the Experian IdentityWorks Credit 3B service for one year.

The incident is not yet posted on the HHS’ Office for Civil Rights breach website, thus it is currently not clear how many people were impacted.

OrthoNebraska Email Account Compromised

Orthopedic clinic OrthoNebraska located in Omaha, NE has lately reported that an unauthorized individual accessed the email account of an employee. The breach happened in early December 2021 and was discovered because the email account was utilized to send spam emails. An analysis of the affected email account showed that the emails and file attachments included protected health information (PHI) of some patients, and that sensitive information could have been seen or obtained.

The exposed details contained names, demographic data, Social Security numbers, state ID numbers, driver’s license numbers, usernames/passwords, medical insurance, claims information, and medical histories. Impacted persons were informed through the mail and credit monitoring and offered identity theft protection services. Up to now, there was no evidence found that indicates the actual or attempted misuse of any patient information. OrthoNebraska said it has offered additional data security training to the employees and implemented additional safeguards to enhance email security.

The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.