Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health

By | January 9, 2023

Email accounts have been compromised at Legacy Hospice and Live Oak Surgery Center, and a University of Miami Health employee’s personal data breach also saw their work email account compromised, highlighting the risks of employees storing their work login credentials on personal devices.

Legacy Hospice Email Account Breach Affects 21,000 Patients

Legacy Operating Company, an Alabama-based operator of Legacy Hospice facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee, has confirmed that an unauthorized third party gained access to a limited number of employee email accounts on February 11, 2022, and between April 7, 2022, and April 21, 2022. Third-party cybersecurity professionals were engaged to investigate the breach, with the investigation concluding on November 7, 2022, that protected health information was present in the compromised email accounts and may have been accessed or obtained.

The breached information included names in combination with one or more of the following types of data: Social Security numbers, taxpayer identification numbers, dates of birth, dates of death, driver’s license numbers, government identification numbers, financial account information, credit or debit card information, passport numbers, dates of service, provider names, medical record numbers, patient numbers, general medical information, diagnostic/treatment information, surgical information, medication information, and/or insurance information.

No reports have been received about any attempted or actual misuse of patient data. Notification letters were mailed on December 23, 2022, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were affected.

Live Oak Surgery Center Email Account Brach Affects More Than 5,000 Patients

Live Oak Surgery Center in Plano, Texas, has confirmed that the email accounts of two employees were accessed by unauthorized individuals between August 10, 2022, and September 27, 2022. The forensic investigation and review of the affected email accounts concluded on November 17, 2022, when it was confirmed that the email accounts contained names, along with one or more types of the following data: financial account information, date of birth, payment card information, medical information, health insurance information, passport number, Social Security number, driver’s license number, state identification number, and/or username/password. Live Oak Surgery Center is unaware of any misuse of patient data.

Additional email security measures have been implemented to prevent further account breaches. The breach has been reported to the HHS’ Office for Civil Rights as affecting 5,264 patients.

Personal Data Breach Results in Impermissible Disclosure of PHI of University of Miami Health Patients

University of Miami Health System (UHealth) has recently announced that the protected health information of 973 patients has potentially been compromised as a result of an employee’s personal data breach. The employee in question was a victim of identity theft, with the third party responsible also stealing the credentials for the employee’s work email account. A review of the email account revealed it contained patient information such as names and medical record numbers. That information was found and forwarded to a third-party email account. UHealth said no evidence was found to indicate any Social Security numbers or financial information was compromised.

The post Email Account Breaches Reported by Legacy Hospice, Live Oak Surgery Center, University of Miami Health appeared first on HIPAA Journal.