Brownwood, Texas-based Cross Timbers Health Clinics, operating under the brand AccelHealth, suffered a ransomware attack on December 15, 2021, which prevented the Federally Qualified Health Center from accessing certain files and folders on its network. AccelHealth engaged third-party forensics specialists to investigate the security breach who determined unauthorized individuals first gained access to its network on December 9, 2021.
During the 6 days when network access was possible, the attackers may have viewed or acquired files containing patient information. A comprehensive review of all files on the compromised parts of the network revealed they contained the protected health information of 48,126 patients, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, health insurance information, medical record numbers, and treatment and diagnosis information.
No evidence was found of data exfiltration and, at the time of issuing notification letters, no reports had been received to suggest any actual or attempted misuse of patient data. AccellHealth said additional technical security measures are being implemented to prevent further cyber attacks and affected individuals have been offered complimentary credit monitoring services.
Pace Center for Girls Discovers 11-Month System Breach
Pace Center for Girls, a Jacksonville, FL-based 6-12 education program for at-risk teenage girls, has discovered certain infrastructure systems were accessed by unauthorized individuals who may have viewed or acquired the sensitive data of current and former students.
The security breach was detected in the week of December 13, 2021, with the investigation confirming certain parts of its IT infrastructure had been compromised in January 2021. The affected parts of its systems contained information such as students’ full names, addresses, phone numbers, dates of birth, Florida Department of Juvenile Justice identification numbers, enrollment data, behavioral health information, and parent/guardian names.
Pace Center for Girls said a third-party cybersecurity firm was hired to help secure its network and physical computer access and assess its data protection and gateway security systems. Additional security measures will be implemented, as appropriate, to better protect against unauthorized access. Affected individuals have been advised to place fraud alerts with Experian, Equifax, and TransUnion to identify any fraudulent use of their personal information. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 18,300 individuals.
The post Hacking Incidents Reported by AccelHealth and Pace Center for Girls appeared first on HIPAA Journal.