K and B Surgical Center in Beverley Hills, CA has discovered an unauthorized individual gained access to its computer network. The security breach was detected on March 30, 2021, with the third-party forensic investigation confirming its network was compromised between March 25 and March 30.
Upon discovery of the breach, steps were taken to prevent further unauthorized access and an investigation was launched to determine the extent of the breach. The investigation concluded on April 27, 2021 that the attacker gained access to parts of the network that contained the protected health information of patients.
Data mining was performed on the affected servers to determine which types on information had been exposed and the patients that had been affected. K and B Surgical Center said in its September 3, 2021 breach notification letters that it took until July 27 to obtain a finalized list of affected patients.
The types of information potentially accessed and/or exfiltrated included the following data elements: Names, addresses, phone numbers, driver’s license numbers, diagnoses, treatment and prescription information, provider names, patient IDs, Medicare/Medicaid numbers, lab test results, health insurance information, and treatment cost information. At the time of issuing notification letters, no reports had been received of any cases of actual or attempted misuse of patient data as a result of the security breach.
In total, notification letters have been sent to 14,772 individuals. K and B Surgical Center has offered 12 months of complimentary credit monitoring and identity theft restoration services to affected individuals as a precaution against identity theft and fraud.
Following the security breach, passwords were changed for all user accounts, VPN connections, and email accounts and new anti-virus security systems and threat monitoring programs were installed on all computers. The workforce has been retrained on security, its Security Rule risk analysis has been updated, and periodic security audits will be conducted to identify potential vulnerabilities.
Healthpointe Medical Group Notifies Patients About Hacking Incident
Healthpointe Medical Group in Portland, OR has notified certain patients about a hacking incident and the exposure of their protected health information.
Healthpointe discovered suspicious activity on certain servers on or around June 9, 2021. Steps were promptly taken to secure its IT systems and a leading computer forensics firm was engaged to investigate the nature and scope of the breach. On or around July 7, 2021, the investigation confirmed the attacker had gained access to files or folders that contained patient data. A review of those files and folders was completed on July 27 and confirmed they contained names, addresses, and Social Security numbers. Notification letters started to be sent to affected individuals in late August.
Healthpointe has performed a company-wide password reset, updated its firewalls, expanded the use of multi-factor authentication, and took other steps to enhance its security protocols. Affected individuals have been told they can avail of 12 months of identity theft protection services through IDX at no cost and will be protected by a $1 million identity theft insurance policy.
The post K and B Surgical Center & Healthpointe Medical Group Notify Patients About Hacking Incidents appeared first on HIPAA Journal.