PHI Exposed Due to the University of Florida Health Shands, St. Paul’s PACE and St. John’s Well Child and Family Center Breaches

University of Florida Health Shands has discovered that an old employee accessed the medical information of 1,562 patients without valid authorization.

The HIPAA violations were identified on April 7, 2021. The provider quickly blocked the employee’s access to health files pending an investigation. The investigation confirmed that the worker had been viewing patient medical records without a valid work reason from March 30, 2019 to April 6, 2021.

The following types of information might have been viewed: names, phone numbers, addresses, birth dates, and lab test results. However, no Social Security numbers, financial data, or health insurance data were compromised.

University of Florida Health Shands is convinced that no PHI was stolen or further breached; nevertheless, as a safety precaution, affected people were provided one year of complimentary credit monitoring services.

Third-Party Breach Affects Patients of St. Paul’s PACE

Community Eldercare of San Diego, doing business as St. Paul’s PACE, was impacted by a breach that occurred at one of its suppliers. PeakTPA, a health plan management company, provides billing and other administrative services to St. Paul’s PACE. PeakTPA experienced a cyberattack on December 31, 2020 that resulted in the compromise of the records of selected St. Paul’s PACE patients.

Even though the cybercriminal gang behind the attack was not named in its breach notice, PeakTPA stated that the FBI broke up the gang on January 27, 2021 and that all documents stolen in the attack were retrieved. The timing indicates the Netwalker ransomware gang may have carried out the attack.

PeakTPA stated that the attackers might have obtained information such as names, addresses, dates of birth, medication details, and Social Security numbers. Affected persons were offered 3 years of free credit monitoring, fraud consultation, and identity theft restoration services through Kroll. PeakTPA stated that it has implemented extra security measures to prevent similar breaches in the future.

Cyberattack Impacts 29,000 Patients of St. John’s Well Child and Family Center

St. John’s Well Child and Family Center, Inc., located in West Sacramento, CA, is sending notifications to 29,030 people about a cyberattack on February 3, 2021 that resulted in the potential exposure of some of their protected health information.

When the family center discovered the attack, it promptly took steps to secure its systems and engaged third-party cybersecurity specialists to assist with the breach investigation. The investigation confirmed that the attackers probably accessed or obtained PHI such as names, Social Security numbers, and other personal or medical data.

People whose Social Security numbers were likely compromised were offered complimentary credit monitoring and identity theft protection services for a year.