Zenith American Solutions, a third-party administrator for the Sound Health and Wellness Trust, has recently notified individuals about a mailing error that exposed individuals’ Social Security numbers. According to the breach notification, a mailing was sent to individuals on June 24, 2022, advising them to complete their Personal Health Assessments or Health Profiles to enroll in the 2023 Health Reimbursement Account.
The file used for printing the mailing labels included individuals’ full Social Security numbers, which were printed in full on the mailing labels along with full names, postal addresses, and unique ID numbers. The mailing labels also indicated an individual had enrolled in the Sound Health and Wellness Trust.
Zenith American Solutions said it has implemented new quality control procedures to ensure there are no similar incidents in the future and affected individuals have been offered complimentary credit monitoring and identity theft protection services for 24 months.
The breach was reported to the HHS’ Office for Civil Rights as affecting 37,146 individuals.
Centerstone Reports Breach of Email Environment
Centerstone, a national provider of mental health, addiction recovery, residential care, therapeutic foster care, counseling, and crisis services, has recently announced that the protected health information of certain current and former Centerstone clients has been exposed and potentially obtained by unauthorized individuals.
Unusual activity was detected in the Centerstone email environment on February 14, 2022. Steps were immediately taken to secure email accounts by performing a password reset, and an investigation was launched to determine the nature and scope of the security breach. The investigation confirmed that three employee email accounts had been accessed by an unauthorized third party between November 4, 2021, and February 14, 2022.
A comprehensive review of the affected email accounts was completed on July 12, 2022, and confirmed they contained individuals’ protected health information such as names, addresses, Social Security numbers, birth dates, client ID numbers, medical diagnoses, treatment information, and/or health insurance information.
Centerstone has reported the breach to the HHS’ Office for Civil Rights, but the breach is not yet showing on the OCR breach portal, so it is unclear how many individuals have been affected. Centerstone said it has implemented additional safeguards to better protect its email environment.
Southwest Behavioral & Health Services Reports Breach of Employee Email Account
Southwest Behavioral & Health Services, a Phoenix, Az-based provider of outpatient mental health treatment and psychiatric services, has recently notified 1,337 individuals that an unauthorized third party gained access to the email account of an employee. The email account contained individuals’ names, dates of birth, addresses, email addresses, resume information, medical diagnosis information, Social Security numbers, and phone numbers.
The breach was identified on July 15, 2022, and was confirmed to have occurred on May 5, 2022. Notification letters were sent to affected individuals on August 1, 2022. No evidence was found to indicate any theft of PHI; however, as a precaution, affected individuals have been offered a complimentary membership to identity theft protection services through IDX.
Southwest Behavioral & Health Services said further safeguards have been implemented to prevent further email data breaches and additional security awareness training has been provided to the workforce.
The post Zenith American Solutions Reports Mailing Error that Exposed SSNs of 37,000 Individuals appeared first on HIPAA Journal.