Security Incidents at People Incorporated and My Choice HouseCalls Potentially Impacts PHI

in Minnesota provides integrated behavioral and mental health services. 27,500 of its patients are receiving notification regarding the exposure of some of their protected health information (PHI) contained in an email account due to a data breach from April 28, 2020 to May 4, 2020.

The provider took immediate action to prevent continued email account access and launched an investigation to find out the nature and extent of the data breach. Third-party cybersecurity specialists helped in the conduct of a manual account review and People Incorporated confirmed on September 8, 2020 that there were personal data and PHI of patients contained in the email accounts. Although a third party had accessed the email accounts, there is no evidence that suggests the theft or misuse of any information.

The following PHI were included in the compromised accounts: names, birth dates, addresses, treatment data, medical record numbers and insurance details. The financial account details, Social Security numbers, health insurance data, and state identification numbers or driver’s licenses were also compromised for some individuals. People whose Social Security numbers were possibly compromised received offers of credit monitoring services.

People Incorporated already took steps to identify threats and remediate them more quickly down the road. Extra technical security procedures were put in place, and employees were provided with training on identifying and handling of malicious emails.

My Choice HouseCalls Burglary Potentially Impacts PHI

My Choice HouseCalls in Jacksonville, Florida provides in-home primary care. Thieves broke into its administrative offices and stole a number of computers on or around September 3, 2020. Though law enforcement has already received a report of the theft, the stolen computers were not recovered yet.

A forensic investigation confirmed that the content of computers included the following types of patient data: names, addresses, names and routes of providers, facilities accessed by patients, patient profile images, types of consultations, medical histories, diagnoses, names of medical equipment supplier, the organizations offering home health services and their information, insurance data and patient and provider contact details.

My Choice HouseCalls is currently imposing whole drive encryption to avert the exposure of patient data in case of another break-in. The breach report forwarded to the HHS’ Office for Civil Rights indicates that there were 3,370 patients affected.