PHI Possibly Exposed in Data Breach at Stern Cardiovascular Foundation, University Medical Center of Southern Nevada, and PrimeCare Medical

The Stern Cardiovascular Foundation (SCF) has lately reported that it encountered a data security incident last September 6, 2022, resulting in an interruption to some parts of its computer system. The healthcare provider based in Germantown, TN stated it strongly responded to the occurrence and called in third-party technical professionals to help in responding to the breach, mitigating and investigating the attack.

SCF had quickly re-established access to all computer networks and no patient service was disrupted. On September 13, 2022, SCF found out that the people responsible for the attack initially acquired access to its networks on September 4, 2022, and got access to the system up to September 6. In that time period, they might have accessed and/or extracted information, which includes the personal and health information of patients and other persons linked to SFC.

The incident investigation is in progress, however, there is no evidence that suggests gaining access to the electronic medical record system. At this point, it is not yet confirmed how many persons were impacted or the specific types of data that might have been exposed. The breach submitted to the HHS’ Office for Civil Rights indicated that 501 persons were impacted – a placeholder until the confirmation of the full scope of the data breach. SFC stated it was working with external cybersecurity specialists to address the attack and strengthen its defenses.

Patients Notified About the University Medical Center of Southern Nevada Insider Data Breach

University Medical Center (UMC) of Southern Nevada has lately notified 1,861 patients that an ex-employee has obtained access to their medical records without legit work reason. UMC discovered the HIPAA breach while reviewing medical record access in September 2022.

The investigation affirmed that the worker got access to patient files on the electronic medical record system from May 19, 2021 to September 22, 2022. The records included demographic, clinical, and insurance data. UMC stated that the person is not employed by UMC and there was no proof was found that indicates the copying, misuse, or disclosure of any information. Policies were updated as needed to avoid the same incidents later on. Employees also received additional training.

PrimeCare Medical Impacted by CorrectCare Integrated Health Data Breach

PrimeCare Medical based in Pennsylvania provides inmates of correctional facilities with healthcare services. It has reported that some of its patients were impacted by a breach that happened at CorrectCare Integrated Health, its third-party administrator. A web server misconfiguration led to the exposure online of two file directories that contained patient information like full names, dates of birth, Social Security numbers, DOC IDs, and some health data, like CPT codes and diagnosis.

PrimeCare Medical detected the breached files on July 6, 2022 and secured them in 9 hours. Unauthorized individuals may have accessed the exposed files from January 2022. Third-party specialists were helping CorrectCare strengthen the protection of its systems to keep client data secured.

PrimeCare Medical states the PHI of 22,254 persons was compromised. Those people got healthcare services from July 1, 2018 to July 7, 2022.