Upstate Homecare, Consociate Health and Sarasota MRI, and have recently alerted regulators and patients regarding security incidents affecting their personal data and protected health information (PHI).
Upstate Homecare Informs 5,100 Patients Regarding Ransomware Attack
The home healthcare provider based in Albany, NY, Upstate Healthcare, has informed 5,114 patients concerning a recent ransomware attack whereby patient information was stolen.
The breach notification letters did not state clearly when the attack occurred; nevertheless, a third-party cybersecurity company conducted an investigation and determined on November 4, 2021 the theft of patient data and the posting of the information to a data leak website on the darknet.
The stolen information included full names, email addresses, physical addresses, dates of birth, telephone numbers, driver’s license numbers, Social Security numbers, bank account details, treatment data, patient ID numbers, physicians’ names, and Medicaid/Medicare numbers.
After the attack, Upstate Healthcare carried out a thorough evaluation of its security measures and has put in place extra safeguards to better secure its systems and data against pending attacks. Affected people were alerted on November 24, 2021, and received offers for complimentary access to identity theft monitoring and restoration services.
Sarasota MRI Alerts Patients Concerning Potential PHI Compromise
Sarasota MRI located in Florida has begun notifying selected patients regarding the likely breach of some of their protected health information. In late July 2020, a third-party, unaffiliated cybersecurity agency contacted Sarasota MRI to inform it about the misconfiguration of its servers, which permitted the access of information on the server.
It was confirmed that the affected server was not in use and information had been transferred to another server. In addition, an evaluation of the server showed no evidence that suggests access by unauthorized persons, apart from the security firm that discovered the wrong configuration.
Nonetheless, because it wasn’t possible to exclude the exposure of individuals’ names, birth dates, health data, and medical photos, affected persons are now being informed. Based on the breach notification letter sent to the Vermont attorney general last November 12, 2021, Sarasota moved immediately to repair the problem and performed an investigation into a possible breach, and took action to protect its systems.
Consociate Health Detects Breach at Employee Benefits Plan Administrator
Consociate Health, a company providing employee benefits programs and plan administration services, has just finished a 10-month investigation into a data breach impacting the PHI of 982 people. The investigation revealed the breach just impacted the PHI of persons from January 1, 2014, through December 31, 2015.
The types of information exposed included names, addresses, dates of birth, diagnosis codes, medical record numbers, medical insurance data, medical record data, and Social Security numbers.
There was no proof found that suggests the misuse of any PHI has however, as a safety measure, affected people got 12-months free access to identity theft monitoring services.