PHI Exposed in 3 HIPAA-Covered Entities’ Data Breaches

Texas Tech University Health Sciences Center has announced the compromise of the protected health information (PHI) of 1,290,104 patients because of a data breach that occurred at Eye Care Leaders, its electronic medical record vendor.

Eye Care Leaders stated that it identified a security breach on Dec. 4, 2021, and shut down the affected systems within 24 hours. Texas Tech University Health Sciences Center said it received the findings of the forensic investigation on April 19, 2022. The compromised files contained the following data elements: name, phone numbers, physical address, email, gender, date of birth, driver’s license number, health insurance details, medical record number, appointment data, Social Security number, and medical data associated with ophthalmology services. No evidence of data theft was found.

Over the last few weeks, the number of eye care providers identified as impacted by the Eye Care Leaders data breach has been growing. No fewer than 23 eye care companies have said they were affected, and the PHI of about 2 million individuals is known to have been exposed.

PHI of 1.24 Million Baptist Health Patients Potentially Exposed in a Cyberattack

Baptist Health has recently begun notifying patients about a cyberattack, identified on April 20, 2022, that involved malicious code installed on its network. According to the announcement, an unauthorized individual had access to some Baptist Health systems between March 31 and April 24, 2022. During that period, several pieces of information were removed from its systems.

When the breach was discovered, user access was suspended, the breached systems were removed to prevent further unauthorized access, and cybersecurity measures were put in place. The portions of the system that were accessed held the data of patients of Baptist Medical Center in San Antonio and Resolute Health Hospital in New Braunfels, Texas. That data included names, dates of birth, addresses, medical insurance details, health record numbers, dates of service, provider and facility names, major complaint/reason for a visit, consultation procedures and diagnosis data, Social Security numbers, and billing and claims details.

Baptist Health stated that it is enhancing its security and monitoring functions to reduce the chance of further data breaches. Affected individuals have already been notified, and those whose Social Security numbers were possibly compromised have received complimentary credit monitoring and identity protection services.

Baptist Health has submitted the breach report to the HHS’ Office for Civil Rights, indicating that 1,243,031 persons were impacted.

Medical Record Breach Reported by Santa Barbara County Department of Behavioral Wellness

The Santa Barbara County Department of Behavioral Wellness in California recently announced that a staff member accessed the medical records of patients without consent. The department detected the unauthorized access on March 30, 2022, after it implemented a new security system for identifying unauthorized medical record access, which quickly flagged the HIPAA breach.

The employee’s access to the health record system was terminated without delay pending an investigation, and the staff member was subject to appropriate disciplinary measures. The information accessed by the employee included names, telephone numbers, addresses, email addresses, Social Security numbers, insurance details, medical data, and medical record numbers. No evidence was found to suggest that any patient details were printed, sent externally, or written down. The department said it will conduct additional security audits in the future and will upgrade its client outreach processes to prevent any recurrence.

The department has already sent breach notification letters to all affected people. The breach is not yet listed on the HHS’ Office for Civil Rights web page, so it is unclear how many people were impacted.