PHI Exposed Due to Data Breaches at SuperCare Health and Englewood Health

Cyberattack on SuperCare Health Affects 318,000 Patients

SuperCare Health based in Downey, CA, a healthcare provider of post-acute, in-home respiratory care services in the Western United States, has lately begun notifying 318,379 patients concerning the exposure and potential access by unauthorized persons to some of their protected health information (PHI) as a result of a cyberattack that happened in July 2021.

SuperCare Health explained in its March 25, 2022 breach notification letters that it discovered unauthorized activity inside its IT systems on July 27, 2021. It immediately took action to secure its network and stop continuing unauthorized access. Independent cybersecurity specialists investigated the nature and scope of the attack.

The investigation established that unauthorized people got access to sections of its network between July 23, 2021 and July 27, 2021. It was possible that the attackers accessed files on the system that contained the PHI of patients. A thorough review of the contents of the files was performed, which confirmed on February 4, 2022, that they included sensitive patient data like names, addresses, birth dates, hospital/medical group, medical record numbers, patient account numbers, health insurance details, testing/diagnostic/treatment data, other health-related details, and claims data. A part of individuals likewise had their driver’s license numbers and/or Social Security numbers exposed.

SuperCare Health stated that because of the security breach, it reviewed its security procedures and implemented extra security steps to better protect the personal data and PHI of its patients.

SuperCare Health is giving affected persons a no-cost membership to an identity theft protection service, in addition to credit checking, dark web tracking, and an identity theft reimbursement insurance plan.

Englewood Health Warns 3,900 Patients Regarding PHI Exposure

Englewood Health, an acute care 289-bed teaching hospital located in Englewood, NJ, has just reported a security breach that involved the PHI of 3,901 individuals. On February 14, 2022, Englewood Health discovered that the username and password of staff were compromised, which allowed an unauthorized individual to gain access to patient names, dates of birth, and limited medical information. Englewood Health mentioned the unauthorized actor acquired access to patient information in under 40 minutes before the identification and blocking of intrusion.

Because of the breach, Englewood Health has improved its administrative, physical, and technical network controls. Patients were already informed by mail and although only a limited amount of data was compromised, complimentary credit monitoring services were provided to impacted patients.