St. Luke’s Health has just informed 16,906 patients about the exposure of some of their protected health information (PHI) because of a security breach that happened at its consulting services vendor. On November 5, 2021, an unauthorized individual accessed the email accounts of two Adelanto Healthcare Ventures (AHCV) employees.
AHCV launched an investigation of the security incident, which at first stated no patient data were exposed; nevertheless, a succeeding review revealed that the data of some St. Luke’s Health patients were included in the email accounts. The attackers may have accessed or obtained the information. The compromised data included names, birth dates, addresses, Social Security numbers, dates of service, Medicaid numbers, medical record numbers, and a few clinical data, for example, treatment and diagnosis codes. AHCV notified St. Luke’s Health concerning the breach on September 1, 2022
Based on the breach notification letters posted on St. Luke’s Health website, no report was received that indicates the misuse of any patient data; nevertheless, as a preventative measure, AHCV is giving impacted persons free identity theft and credit monitoring services.
Presently, St. Luke’s Health is just getting back up from a ransomware attack over a month ago on CommonSpirit Health, its parent company. CommonSpirit Health is still dealing with company operation disruptions due to the attack. However, the MyChart patient portal has been restored and companies can already access the electronic health records of patients.
Cyberattack and Data Breach at Tift Regional Health System
Tift Regional Health System (TRHS) located in Tifton, GA, has lately reported the compromise of its systems and the potential access and theft of some patients’ PHI by the attackers. The unauthorized network access happened around August 16, 2022. Immediate action was undertaken to keep its systems secure. TRHS launched an investigation to find out the nature and extent of the attack.
TRHS mentioned that even if the files on its systems were not encrypted, there was no reported access to its electronic medical record system. Still, the forensic investigation cannot exclude the possibility of unauthorized access and theft of patient data files. The following types of information are found in the files on the breached section of the network: patient ID numbers, Social Security numbers, driver’s license numbers, medical data, treatment data, diagnosis data, medical insurance details, and birth dates.
TRHS stated it is going over its current guidelines and procedures concerning cybersecurity and extra safety measures are being assessed to avoid this type of occurrence later on. The breach report submitted to the HHS’ Office for Civil Rights indicated that 500 persons were affected. That number is frequently utilized as a placeholder until everything about the breach is understood.
Health and Welfare Benefit Plan Member Data Exposed Due to Wenco Management Breach
The PHI of 20,526 workers of Wenco Management, LLC, was compromised and possibly stolen by unauthorized persons. Wenco Management manages Wendy’s fast-food chain. The employees affected by the breach were Health and Welfare Benefit Plan members.
Wenco Management discovered the breach last August 21, 2022. After securing its systems, it launched a forensic investigation to find out the nature and extent of the breach. It was confirmed that an unauthorized person got access to its network and possibly viewed and stole employee files that contained names, plan selection data, and Social Security numbers. The breach happened on the same day Wenco Management discovered and blocked it. Impacted persons were provided free credit monitoring services. Wenco Management stated it is improving the safety of its systems to avoid more data breaches down the road.