Irvine, CA-based Smile Brands, a provider of support services for dental offices, has recently provided an update on the number of individuals affected by a ransomware attack that was discovered on April 24, 2021. The attackers gained access to parts of its system on April 23, 2021, that housed files that contained individuals protected health information, including names, addresses, telephone numbers, dates of birth, Social Security numbers, financial information, government-issued ID numbers, and health information.
The breach was initially reported to the HHS’ Office for Civil Rights in June 2021 as affecting 1,200 individuals, but the breach report was later amended to indicate up to 199,683 individuals had been affected. However, in the latest update to the Maine attorney general, the breach has been reported as affecting up to 2,592,494 individuals. The initial notice to the Maine attorney general was submitted on October 8, 2021.
Smile Brands said affected individuals have been offered a complimentary 12-month membership to a credit monitoring service, which includes identity theft assistance services and a $1 million identity theft insurance policy.
Malware Potentially Allowed Hackers to Access ArCare Patient Data
Arcare, a provider of primary care and behavioral health services in Arkansas, Mississippi, and Kentucky has confirmed that patient data was potentially accessed by unauthorized individuals in a cyberattack that was discovered on February 24, 2022. Malware was identified on its network which caused a temporary disruption to its services. Prompt action was taken to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the incident.
The investigation confirmed on March 14, 2022, that the attackers may have accessed sensitive data between January 18, 2022, and February 24, 2022. A review of the affected files was completed on April 4, 2022, and confirmed they contained names, Social Security numbers, driver’s license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information.
While data has been exposed, no evidence has been found of any actual or attempted misuse of patient data. ARcare said it has updated its policies and procedures relating to data protection and security and sent notification letters to affected individuals on April 25, 0222.
The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal so it is currently unclear how many individuals have been affected.
Unencrypted Laptops Stolen from Home of Employee of Onehome Health Solutions
Two unencrypted laptop computers have been stolen from the home of an employee of the Miramar, FL-based home-based healthcare provider, Onehome Health Solutions.
The theft was discovered on March 3, 2021, and the incident was reported to law enforcement. A forensic analysis determined the laptop computers contained the protected health information of up to 15,401 patients, including names, addresses, phone numbers, medical information, health insurance information, and the last four digits of Social Security numbers.
Onehome said all affected individuals have been notified about the exposure of their information and complimentary identity theft protection services have been offered to individuals whose partial Social Security numbers were exposed.
The post Up to 2,592,494 individuals Affected by Smile Brands Ransomware Attack appeared first on HIPAA Journal.