Salusive Health, the developer of the myNurse platform which helps physician practices streamline disease management, has experienced a cyberattack in which patient data was compromised.
In its breach notification letters to patients, Salusive Health explained that it identified unauthorized activity within its computer network on March 7, 2022, and immediately implemented containment, mitigation, and restoration efforts, and engaged third-party cybersecurity experts to assist with those processes. The investigation confirmed that unauthorized individuals accessed the personal and protected health information of patients, including name, gender, home address, phone number, email address, date of birth, medical history, diagnosis and treatment information, dates of service, lab test results, prescription information, provider name, medical account number, health insurance policy and group plan number, group plan provider, and claim information.
Salusive Health said it implemented additional security measures to prevent further breaches, has notified affected individuals and offered free identity theft protection services, and reported the cyberattack to the Federal Bureau of Investigation. The incident has not yet appeared on the HHS’ Office for Civil Rights’ breach portal, so it is unclear at this stage how many individuals have been affected.
Salusive Health also explained in the breach notification letters that the difficult decision has been taken to cease clinical operations by the end of business on May 31, 2022, which will allow patients to hand their chronic care management and remote monitoring services back to their primary care physicians. Salusive Health said the decision to cease operations is unrelated to the data security incident.
New Creation Counseling Center Ransomware Attack Affects 24,000 Patients
New Creation Counseling Center (NCCC) in Tipp City, OH, has recently started notifying 24,029 patients that some of their protected health information has potentially been compromised in a recent cyberattack.
A breach of its IT systems was detected on February 13, 2022, when users were prevented from accessing files on the network. Steps were immediately taken to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the breach. NCCC confirmed ransomware had been used to encrypt files, and third-party cybersecurity consultants have been assisting with the response and recovery.
NCCC said care continued to be provided to patients throughout and the ransomware has been confirmed as having been eradicated from its systems. While the investigation uncovered no evidence of data theft, it was not possible to rule it out. A review of files on the affected systems confirmed they contained names, telephone numbers, addresses, email addresses, birthdates, Social Security numbers, health insurance information, intake forms, medical releases, and treatment records.
Notifications were sent to affected individuals starting on April 12, 2022, and one year of credit monitoring services has been offered to patients at no cost.
The post Salusive Health Closes Business Following Cyberattack appeared first on HIPAA Journal.