PHI Exposed Due to Breaches at Elara Caring, ProPath and Cornerstone Care

Elara Caring, one of America’s largest home-based healthcare services providers, has experienced a phishing attack that impacted over 100,000 patients.

In mid-December, the provider identified suspicious activity in a number of email accounts of employees. It took prompt action to keep the accounts safe and prevent the attackers from accessing the accounts. A third-party security firm helped in investigating the breach.

The investigation affirmed that an unauthorized individual accessed several employee email accounts, though no proof was identified that suggests the attackers viewed or obtained any patient information in the email accounts. It wasn’t possible to eliminate data theft.

An analysis of the exposed email accounts revealed they held the PHI of 100,487 patients, such as names, dates of birth, Employer ID numbers, driver’s license numbers, Social Security numbers, financial/bank account details, passport numbers, addresses, email addresses and passwords, insurance data and insurance account numbers. Elara Caring offered the individuals affected by the attack complimentary credit monitoring and identity protection services.

The provider also took steps to enhance data security and has given more training on cybersecurity to its employees.

ProPath Email Accounts Breached by an Unauthorized Individual

ProPath, the United States’ biggest, countrywide, fully physician-owned pathology practice, has identified an unauthorized person who got access to two email accounts with patient records.

The unauthorized individual accessed the email accounts between May 4, 2020 and September 14, 2020. ProPath found out on January 28, 2021 that protected health information in the email accounts included the names of patients, birth dates, test orders, diagnosis and/or clinical treatment info, medical procedure details, and physician name. The Social Security number, financial account information, driver’s license number, health insurance data, and/or passport number of a limited number of people were also affected.

Persons whose Social Security number was breached were provided credit monitoring services for free. Workers have acquired additional training to aid them to identify malicious email messages and further technical security measures have now been implemented.

It is not yet confirmed exactly how many persons the incident impacted. ProPath stated most people who obtained testing from the company were not affected by the incident.

Cornerstone Care Email Account Breach Impacts 11,487 Patients

An unauthorized person accessed an email account that contains the PHI of 11,487 patients receiving services from Cornerstone Care community health centers located in Southwestern Pennsylvania and Northern West Virginia.

The provider detected the email account breach on June 1, 2020 and engaged third-party security specialists to assist investigate the breach. It was established that the breach only impacted a single corporate email account. An evaluation of the PHI included in the account was finished on January 13, 2021.

The account held the names and addresses of patients as well as, for selected people, date of birth, Social Security number, medical background, ailment, treatment procedure, diagnosis, and/or medical insurance data. Those whose Social Security number was exposed received free credit monitoring and identity theft protection services.

Cornerstone Care notified by mail the affected persons on February 25, 2021. It additionally enforced multi-factor authentication on the email accounts.