CorrectHealth Notifies 54,000 Patients About November 2021 Email System Breach
Alpharetta, GA-based CorrectHealth is notifying patients about a breach of its email environment. The breach was detected on November 10, 2021, with the investigation confirming several employee email accounts had been accessed by an unauthorized individual. Legal counsel for CorrectHealth said the third-party forensic investigation of the data breach concluded on January 28, 2022, and confirmed patients’ protected health information was present in the breached email accounts.
A comprehensive review of the affected accounts was conducted between March 2022 and July 2022 to determine the specific information that was affected, which confirmed names, addresses, and Social Security numbers had been exposed. CorrectHealth said it is unaware of any misuse of patient information.
Notification letters were sent on August 25, 2022, and complimentary credit monitoring and identity theft protection services have been offered to affected individuals. In response to the breach, CorrectHealth has implemented additional safeguards, including deploying an advanced phishing service, putting disclaimers on all externally received emails, implementing multi-factor authentication for administrative staff, and a single sign-on solution for clinical staff. CorrectHealth is also conducting weekly data security and monthly simulated phishing training for all employees.
The breach was reported to the Maine attorney general as affecting 54,066 individuals.
Email Accounts breached at Gifted Healthcare
Metairie, LA-based Gifted Healthcare has reported a security breach involving the protected health information of its patients. While the incident appeared to be confined to a single email account, the investigation revealed three email accounts had been compromised between August 25, 2021, and December 10, 2021. Gifted Healthcare did not say when the breach was detected, but the review of the affected email accounts was completed on July 25, 2022. Notification letters were sent to affected individuals on August 25, 2022.
Data compromised in the incident included names, addresses, driver’s license numbers, Social Security numbers, financial information, health insurance information, and medical information. The breach was reported to the Maine attorney general as affecting 13,770 individuals.
Ransomware Attack Impacts Brasseler Patients
Savannah, GA-based Peter Brasseler Holdings, LLC, has recently confirmed it was the victim of a ransomware attack. The attack was detected on June 24, 2022, with the investigation confirming files containing individuals’ protected health information were stored on parts of the affected systems and may have been viewed or obtained in the incident. The breach also affected its subsidiaries, Brasseler U.S.A. Dental, LLC and Brasseler U.S.A. Medical, LLC.
The investigation into the breach is ongoing, but it has been confirmed that the following types of information were potentially compromised: names, government-issued identification numbers such as Social Security numbers, driver’s license numbers, and passport numbers; financial account information, such as debit card and credit card numbers; medical and insurance information; and other information, such as dates of birth.
The breach was reported to the Maine attorney general as affecting 3,353 individuals. Affected individuals have been offered a complimentary 24-month membership to Experian’s IdentityWorks credit monitoring and identity theft protection service.
UF Health Shands Employee Snooped on Records of Almost 1,000 Patients
UF Health Shands has recently confirmed that a former employee accessed the records of 941 patients without authorization between April 27, 2021, and July 21, 2022. When the unauthorized access was detected, the employee’s access to patient information was suspended pending a full investigation, which confirmed that the employee viewed patient information such as names, addresses, phone numbers, diagnoses and conditions, and some health insurance information.
UF Health Shands said the individual is no longer employed by UF Health Shands.
The post PHI Compromised in Incidents at CorrectHealth, UF Health Shands, Peter Brasseler, & Gifted Healthcare appeared first on HIPAA Journal.