K and B Surgical Center located in Beverley Hills, CA found out that an unauthorized individual acquired access to its computer system. The healthcare company detected the security breach on March 30, 2021, and a third-party forensic investigation affirmed the breach of its network from March 25 to March 30.
As soon as K and B Surgical Center discovered the breach, it took steps to avoid the attacker from further accessing its compuer system. It started an investigation to identify the magnitude of the breach. On April 27, 2021, the investigation came to the conclusion that the attacker acquired access to areas of the system that comprised the protected health information (PHI) of patients.
Data analysis was conducted on the breached servers to know which types of data were breached and which patients were impacted. K and B Surgical Center stated in its breach notification letters issued on September 3, 2021 that it just obtained the complete list of affected patients on July 27.
The types of information that the attacker possibly viewed and/or exfiltrated included the following: Names, telephone numbers, addresses, driver’s license numbers, diagnoses, treatment and prescription details, names of provider, Medicare/Medicaid numbers, patient IDs, laboratory test data, medical insurance data, and treatment expense details. Upon issuance of breach notification letters, there were no reports obtained concerning any incidents of actual or attempted improper use of patient information caused by the security breach.
Altogether, there were 14,772 individuals that received the notification letters. K and B Surgical Center has provided the affected individuals 12 months of free credit monitoring and identity theft restoration services as a safety measure against identity theft and fraud.
Following the security incident, passwords were altered for all user accounts, VPN connections, and email accounts. K and B Surgical Center also installed new anti-virus security systems and threat monitoring programs on all computers. The employees were retrained about security, its Security Rule risk analysis was updated, and regular security audits will be carried out to check potential vulnerabilities.
Healthpointe Medical Group Informs Patients Regarding Hacking Incident
Healthpointe Medical Group based in Portland, OR has informed some patients regarding a hacking incident and the compromise of their protected health information.
Healthpointe uncovered suspicious activity on selected servers on or around June 9, 2021 and promptly took steps to secure its IT systems. A top-rated computer forensics agency investigated the nature and magnitude of the breach. On July 7, 2021, the investigation report revealed the attacker had obtained access to files or folders that had patient records. An evaluation of those files and directories was finished on July 27 and affirmed they included names, addresses, and Social Security numbers. Healthpointe began sending notification letters to affected people in late August.
Healthpointe has done a company-wide password reset, updated its firewalls, broadened the use of multi-factor authentication, and did other steps to improve its security practices. Affected persons were advised they can get a year of identity theft protection services via IDX free of charge and will get protected by a $1 million identity theft insurance policy.