Wolfe Clinic, P.C in Iowa has recently confirmed that it was affected by the data breach at the electronic medical record provider, Eye Care Leaders. The attack exposed the protected health information of 542,776 current and former Wolfe Clinic patients.
Wolfe Clinic used the myCare Integrity medical records platform, which was accessed by an unauthorized party on or around December 4, 2021, who deleted databases and system configuration files. A forensic investigation of the security incident was conducted but the deletion of files meant there was a lack of forensic evidence, so it was not possible to determine whether the PHI of Wolfe Clinic patients was accessed or acquired in the attack. Wolfe Clinic said names, addresses, birth dates, Social Security numbers, diagnostic information, and health insurance information were potentially compromised.
At the time of issuing notifications, Wolfe Clinic had not received any reports of identity theft and fraud related to the Eye Care Leaders data breach. Affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services.
The Eye Care Leaders data breach is known to have affected at least 40 eye care providers and resulted in the exposure of the PHI of at least 3.6 million patients.
Reiter Affiliated Companies Reports June 2022 Cyberattack
Reiter Affiliated Companies, the largest fresh, multi-berry producer in the world, has recently confirmed that an unauthorized third party gained access to its network between June 25, 2022, and July 4, 2022. The attack was detected on July 4, 2022, when certain systems were made unavailable. Prompt action was taken to secure its systems to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the attack. The forensic investigation confirmed that files had been exfiltrated from its systems during the period of unauthorized access, and those files included Health and Wellness Plan enrollment rosters that contained plan member names, dates of birth, and Social Security numbers.
Affected individuals have been notified by mail and have been offered complimentary credit monitoring and identity theft protection services. Reiter Affiliated Companies said steps have been taken to improve security to prevent further data breaches in the future.
The breach has been reported to the HHS’ Office for Civil Rights by Reiter Affiliated Companies, LLC as affecting 45,000 individuals, and by the Reiter Affiliated Health and Welfare Plan as affecting 45,000 individuals.
SERV Behavioral Health System Confirms May 2022 Cyberattack
SERV Behavioral Health System in New Jersey has recently announced that it was the victim of a cyberattack in which the protected health information of 8,110 individuals was potentially compromised. The health system said the attack was detected on May 27, 2022, with the forensic analysis concluding on August 4, 2022. SERV said it found no evidence that any patient information was viewed or obtained in the attack, but it was not possible to rule out the possibility of data theft. The review of all files potentially accessed included names, contact information, Social Security numbers, driver’s license numbers, and health information.
Affected individuals have now been notified by mail and steps have been taken to improve security to prevent further attacks of this nature. The Hive ransomware gang claimed responsibility for the attack.
The post Cyberattacks Reported by Wolfe Clinic, Reiter Affiliated Companies, & SERV Behavioral Health System appeared first on HIPAA Journal.