Health Care Management Solutions LLC, a West Virginia-based consulting company focused on improving care quality for vulnerable populations including veterans, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected up to 500,000 individuals.
Little is currently known about the data breach as the company has yet to publicly announce the breach. There is no substitute breach notice on the company website. The OCR breach summary indicates this was a hacking incident affecting its network server(s). The extent to which protected health information has been compromised is not yet known. Notifications were issued on November 14, 2022
This post will be updated as and when further information about the incident becomes available.
Stanley Street Treatment and Resources Discloses October 2021 Data Breach
The Fall River, MA-based addiction and treatment center, Stanley Street Treatment and Resources, Inc. (STAR), has recently announced a data breach that occurred more than a year ago in October 2021. According to the STAR substitute breach notice, the breach was detected in September 2022. An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. The files included names, Social Security numbers, government ID numbers, financial account information, dates of birth, dates of service, health insurance information, and medical information.
At the time of issuing notification letters, STAR said it was unaware of any cases of misuse of patient information. STAR said it continuously evaluates and modifies its practices to ensure the privacy and security of patient information and will continue to do so in the future.
California Health Insurance Agency Suffers Data Breach Affecting 14,600 Patients
The health insurance agency, CCA Health California, has announced that the protected health information of 14,631 members of the Vitality Health Plan of California has potentially been compromised. CCA Health California acquired Vitality Health Plan of California earlier this year.
CCA Health California discovered the data breach in September 2022. Unauthorized individuals had gained access to systems containing files that included protected health information and removed some of those files between May and September this year. It was not possible to determine which specific files were accessed or downloaded, but a review of all files that could potentially have been copied confirmed they contained the following types of information: names, Social Security numbers, dates of birth, diagnosis, and treatment information, demographic information, medical record numbers, passport numbers, health insurance information, provider names, lab results, and prescription information.
CCA Health California said security safeguards have been enhanced to prevent similar breaches in the future and monitoring capabilities have been enhanced.
Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack
Innovative Service Technology Management Services, a Georgia-based outsourcing company, has suffered a ransomware attack. A threat actor gained access to its systems and potentially removed files on June 3, 2022. The files that may have been accessed or copied included the protected health information of members of its health plan. A detailed review of the files was completed on October 17, 2022, and confirmed they contained the PHI of 2,654 individuals, including names, financial account information, and other personal information. In response to the breach, a global password reset was performed and all critical applications were updated. Affected individuals have been offered complimentary membership to the Experian IdentityWorks identity theft protection service.
The post Hacking and IT Incidents Affect 563,000 Patients and Health Plan Members appeared first on HIPAA Journal.