Email Account Breaches Announced by Newman Regional Health and Contra Costa County

Newman Regional Health (NRH) based in Emporia, KS, which operates a 25-bed critical access hospital, has recently started alerting 52,224 people that unauthorized individuals have gotten access to some employee email accounts that contain protected health information (PHI).

NRH stated on its website that unauthorized persons viewed a few employee email accounts in the course of 10 months in 2021 between January 26, 2021 and November 23, 2021. Upon detection of the security breach, quick action was performed to safeguard the email accounts. NRH started an investigation to learn the extent and nature of the occurrence.

NRH stated that a review of the email messages in the compromised accounts affirmed on March 14, 2022 the compromise of these types of patient information: Names, dates of birth, e-mail addresses, addresses, medical record/ID numbers, phone numbers, and certain heath, treatment or insurance details. A few employees’ information acquired involved a person’s acceptance of services from or job with NRH. A few of them similarly had their financial details or Social Security numbers exposed.

The types of patient data exposed varied from one person to another, and there was no evidence of fraudulent activity prompted by the breach identified when issuing notification letters. NRH explained it has put in place additional measures to fortify security.

Contra Costa County Reports Email Account Security Breach

Contra Costa County located in California has reported a breach of staff email accounts and the compromise of sensitive personal data. The forensic investigation of the incident revealed that unauthorized persons gained access to employee email accounts from June 24, 2021 to August 12, 2021.

As per the substitute breach notice on the Contra Costa County site, the email accounts comprised information on workers and people who had earlier gotten in touch with the County’s Employment and Human Services Department. The types of records exposed contained names, Social Security numbers, state-issued I.D. numbers, driver’s license numbers, passport numbers, financial account numbers, health data, and/or medical insurance details.

Even though unauthorized email account access was established, it wasn’t feasible to tell if any email messages or file attachments in the accounts were accessed or exfiltrated. It is uncertain when the breach was discovered; nonetheless, Contra Costa County stated the breach investigation finished on March 11, 2022, and notification letters were mailed to impacted individuals on April 15, 2022. Free credit monitoring services were provided to qualified persons.

The breach is not yet posted on the HHS’ Office for Civil Rights breach site, thus it is uncertain how many persons were impacted.