PHI Breach at Urgent Team Holdings, The Guidance Center and MetroHealth

Urgent Team Holdings Reports Breach of the PHI of 166,600 People

Urgent Team Holdings, which runs more than 70 urgent care and walk-in facilities in Alabama, Arkansas, Georgia, Tennessee, and Mississippi, has recently informed 166,601 patients that unauthorized individuals potentially obtained some of their protected health information (PHI) in a November 2021 cyberattack.

Urgent Team stated that its network was compromised from November 12, 2021 to November 18, 2021. With the help of third-party cybersecurity specialists, Urgent Team determined that the files potentially exfiltrated from its systems contained the PHI of patients. An extensive analysis of the files was completed on January 31, 2022, and confirmed that they included patients’ full names, medical record numbers, and birth dates.

Although data theft may have occurred, no evidence of data exfiltration was identified and no reports of misuse of patient data have been received. To enhance security, Urgent Team has enforced multi-factor authentication and has added further layers of security to its networks to reduce the risk of unauthorized access. A new antivirus solution has also been deployed, which generates notifications when there are attempts at unauthorized access to its systems.

Email Account Breach at The Guidance Center

The Guidance Center, Inc. has recently discovered that unauthorized individuals gained access to some personnel’s email accounts for a short period of time. When the breach was discovered, the email accounts were promptly secured, and an investigation was launched to determine the nature and scope of the incident.

Third-party cybersecurity experts assisted with the investigation to validate the security of its computer networks, and supplemental security procedures have now been implemented to prevent further attacks. A review of the affected email accounts revealed that they contained patients’ protected health information. The types of compromised information varied from one individual to another and might have included names along with one or more of these data elements: medical treatment or diagnosis data, patient record numbers, and/or health insurance details.

The Guidance Center has already submitted the breach report to the HHS’ Office for Civil Rights as affecting 23,104 individuals. Complimentary identity protection and credit monitoring services were provided to selected individuals, based on the types of information that were breached.

MetroHealth Announces Compromise of 1,700 Patients’ PHI

MetroHealth System, located in Cleveland, OH, has notified roughly 1,700 patients of the impermissible disclosure of some of their PHI to other patients because of an error that occurred during the modernization of its electronic health record (EHR) system.

A misconfiguration meant that whenever patient records were generated to be provided to patients, information pertaining to other individuals was inadvertently included in the records, such as patient names, visit data, and the healthcare providers they visited. No other personal, financial, or medical data was affected.

The EHR provider discovered the issue and notified MetroHealth of the data breach on February 10, 2022. Notification letters were delivered to affected individuals on April 11.