21,000 Legacy Hospice Patients Affected by Email Account Breach
Legacy Operating Company manages Legacy Hospice facilities in Arkansas, Alabama, Louisiana, Missouri, Mississippi, Oklahoma, and Tennessee. It reported that an unauthorized third party gained access to some employee email accounts on February 11, 2022, and from April 7, 2022 to April 21, 2022. The investigation by third-party cybersecurity experts ended on November 7, 2022, and confirmed that protected health information (PHI) was present in the breached email accounts and might have been viewed or acquired.
The breached data contained names along with at least one of these data elements: Social Security numbers, taxpayer ID numbers, birth dates, dates of death, government ID numbers, driver’s license numbers, financial account data, credit or debit card details, passport numbers, dates of service, medical record numbers, provider names, patient numbers, basic medical data, diagnostic/treatment data, surgical data, medication details, and/or insurance details.
No reports of attempted or actual misuse of patient data have been received. The company sent notification letters by mail on December 23, 2022, and offered free credit monitoring services to those who had their Social Security numbers exposed.
Over 5,000 Live Oak Surgery Center Patients Affected by Email Account Breach
Live Oak Surgery Center, based in Plano, Texas, reported that unauthorized individuals accessed the email accounts of two employees from August 10, 2022 to September 27, 2022. The forensic investigation and analysis of the impacted email accounts ended on November 17, 2022. The data in the email accounts was confirmed to have included names, together with at least one of the following types of data: birth date, financial account data, payment card details, medical data, medical insurance data, passport number, driver’s license number, Social Security number, state ID number, and/or username/password. Live Oak Surgery Center did not receive any report of patient data misuse.
Additional email security procedures were put in place to prevent further email account breaches. The breach report submitted to the HHS’ Office for Civil Rights indicates that 5,264 patients were affected.
University of Miami Health Patients Affected by Impermissible Disclosure of PHI Due to Personal Data Breach
University of Miami Health System (UHealth) has just reported the potential compromise of the PHI of 973 patients due to a breach of an employee’s personal information. The employee involved fell prey to identity theft. The third party also stole the employee’s credentials for his/her work email account. An evaluation of the email account showed that it included patients’ names and medical record numbers. The third party forwarded that information to its email account. UHealth stated that no proof was found that suggests the compromise of Social Security numbers or financial data.