Data Security Incidents Reported by Parker-Hannifin Corporation, Behavioral Health Partners of Metrowest and Vail Health Services

Parker-Hannifin Corporation based in Cleveland, OH, a maker of motion and control technologies, lately reported that unauthorized persons have acquired access to parts of its IT systems and might have gotten files that contain the sensitive data of present and past employees, their dependents, and other persons associated with the organization.

The company detected suspicious activity inside its IT environment on March 14, 2022. It was confirmed by the forensic investigation that unauthorized individuals accessed its systems from March 11, 2022 to March 14, 2022. A thorough evaluation of the impacted files confirmed they included data like names, dates of birth, addresses, driver’s license numbers, Social Security numbers, passport numbers, financial account data like online account usernames and security passwords, bank account and routing numbers. The enrollment information of present and past members of the Parker Group Health Plan, as well as those of a health plan sponsored by an entity obtained by Parker, may have been exposed. Compromised information may include medical insurance dates of coverage and plan member ID number.

The breach report submitted to the HHS’ Office for Civil Rights indicated that 119,513 group health plan members were affected. The company already notified the affected persons and provided a free membership to Experian’s IdentityWorks identity theft protection and monitoring services for two years.

Data Theft Incident Reported by Behavioral Health Partners of Metrowest

Behavioral Health Partners of Metrowest (BHPMW) based in Framingham, MA has informed 11,288 persons that an unauthorized person copied some of their protected health information (PHI) from its systems. BHPMW discovered the data breach on October 1, 2022, and confirmed through the forensic investigation that the unauthorized person got access to its systems and extracted information from September 14 to September 18, 2021.

The stolen information pertained to the Behavioral Health Community Partner Program that BHPMW manages as per the agreement with MassHealth, together with the SMOC, Advocates, Family Continuity, Wayside Youth and Family Support provider agencies and Spectrum Health Systems. The compromised information included names, Social Security numbers, addresses, dates of birth, client ID numbers, medical insurance data, and medical diagnosis/treatment details. BHPMW did not receive any information regarding any actual or attempted misuse of the stolen data.

BHPMW sent notification letters to impacted persons on May 11, 2022, and those persons received offers of free credit monitoring and identity protection services.

17,000 Patients Affected by Vail Health Services Data Security Incident

Vail Health in Colorado experienced a data security incident that led to the compromise and possible theft of the PHI of 17,039 individuals. Vail Health stated when it began having trouble with its network systems, it started an investigation that showed on April 5, 2022 that an unauthorized person had acquired access to its network on February 11, 2022.

The breached systems had a limited number of files such as data regarding persons who got COVID-19 tests from Vail Health, including names, dates of birth, contact details, encounter numbers, and COVID-19 test data. There was no compromise of financial data, medical insurance data, or Social Security numbers.

The systems currently had controls that limited access to a small number of persons. Extra security measures were enforced to additionally limit access.