New Jersey Brain and Spine (NJBS) has recently announced it was the victim of a cyberattack on or around November 16, 2021, that encrypted data on its network. NJBS said it immediately took steps to secure its network and engaged a computer forensic firm to investigate the security breach. While no evidence has been found to indicate there has been any misuse of patient data as a result of the attack, the forensics firm said the attacker may have accessed files containing patient data.
A third party vendor was engaged to conduct a review of all files on its network that had potentially been accessed, and while the data mining process is ongoing, it has been confirmed that the files contained information such as names, addresses, dates of birth, email addresses, telephone numbers, social security numbers, financial account information, debit or credit card information, driver’s license numbers or other ID numbers, and medical information. Notification letters were sent to affected individuals on March 10, 2022.
NJBS said that following the breach, several steps were taken to better protect patient data, including implementing 2-factor authentication, migrating patient data to a third-party hosted cloud-based platform, and installing a new server. NJBS has also implemented an ongoing monitoring response solution that tracks user activity, services, and ports, and coordinates logging.
The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 92,453 individuals.
Highmark Inc. Patients Affected by Breach at Printing and Mailing Vendor
Highmark Inc., a Pittsburgh, PA-based non-profit healthcare company and Integrated Delivery Network has recently announced that some HIPAA-protected data has been exposed in a data breach at the printing and mailing vendor, Quantum Group, which was used by its vendor, Webb Mason, which provides marketing services to Highmark.
Webb Mason provided patient data to Quantum Group in 2017 to assist with marketing efforts for Highmark, and that information has potentially been accessed by unauthorized individuals. Highmark stressed that its own IT systems were not compromised.
Highmark reported the breach as affecting up to 67,147 individuals, who have been offered complimentary online identity monitoring services for 12 months at no cost.
Dialyze Direct Alerts Patients About PHI Exposure in Cyberattack
Dialyze Direct, a Neptune City, NJ, provider of kidney care services, has suffered a data breach that has affected up to 14,203 patients. According to a March 10, 2022 data breach notice, Dialyze Direct said it discovered on February 14, 2022, that an unauthorized individual had gained access to an employee email account between January 21, 2021, and March 4, 2021.
A comprehensive review of the email account confirmed it contained patients’ protected health information such as names, dates of birth, Social Security numbers, government identification numbers, financial account information, payment card information, and medical information that potentially includes financial identification numbers, medical diagnostic and treatment information, and/or health insurance plan information.
Notification letters have been sent to affected patients. Individuals whose Social Security numbers were potentially compromised have been offered complimentary credit monitoring services. Dialyze Direct said it has found no evidence to suggest that there has been any misuse of patient data.
The post Data Breaches Reported by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct appeared first on HIPAA Journal.