Advocates Inc., a Massachusetts-based nonprofit provider of support services for individuals experiencing life challenges such as addiction, autism, brain injury, intellectual disabilities, mental health, and behavioral health, has announced it recently experienced a sophisticated cyberattack and data theft incident.
Advocates was informed on October 1, 2021, that an unauthorized individual had gained access to its network and copied files containing the sensitive data of patients and employees. A leading cybersecurity firm was engaged to assist with the investigation, which revealed an unknown individual had accessed its network and copied files over a four-day period between September 14, 2021, and September 18, 2021.
The files contained names, addresses, dates of birth, Social Security numbers, health insurance information, client ID numbers, diagnoses, and treatment information. After confirming the individuals affected, Advocate collected up-to-date contact information to allow written notices to be provided, hence the delay in issuing notification letters.
The cyberattack was reported to the Federal Bureau of Investigation and regulators. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates the protected health information of 68,236 individuals was included in the stolen files. Advocates said it is unaware of any attempted or actual misuse of the stolen information; however, as a precaution, affected individuals have been offered complimentary credit monitoring and identity theft protection services.
PHI Stolen in Cyberattack on Medical Healthcare Solutions
The Boston, MA-based medical billing company Medical Healthcare Solutions, has recently announced it was the victim of a cyberattack. The attack was discovered on November 19, 2021, and steps were immediately taken to secure its network to prevent further unauthorized access. The investigation confirmed an unauthorized individual had accessed its network between October 1, 2021, and October 4, 2021, and copied certain files from its network.
A review of the stolen files revealed they contained the following types of data: Name, address, date of birth, sex, phone number, email address, Social Security number, driver’s license/state ID number, financial account number, routing number, payment card number, card CVV/expiration, diagnosis/treatment information, procedure type, provider name, prescription information, date of service, medical record number, patient account number, insurance ID number, insurance group number, claim number, insurance plan name, provider ID number, procedure code, treatment cost, and diagnosis code.
A final list of individuals affected by the breach was obtained on January 8, and notification letters have now been issued. Complimentary credit monitoring and identity theft protection services have been offered to affected individuals. The incident has been reported to the HHS’ Office for Civil Rights, but it has not yet appeared on the breach portal, so it is currently unclear how many individuals have been affected.
The post Cyberattacks and Data Theft Incidents Reported by Medical Healthcare Solutions and Advocates Inc. appeared first on HIPAA Journal.