Avem Health Partners, an Oklahoma City-based provider of administrative and technology services to healthcare organizations, has recently started notifying its healthcare clients about a data breach that occurred at one of its vendors, 365 Data Centers.
On September 9, 2022, 365 Data Centers notified Avem Health Partners that an unauthorized third party had gained access to its servers. The breach was detected on May 16, 2022, with the investigation confirming there may have been unauthorized access to data stored on those servers prior to May 14, 2022. Avem Health Partners did disclose in its website substitute breach notice when its vendor’s servers were first breached.
A review of the files on the compromised servers confirmed that protected health information such as patient names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and diagnosis and treatment information had been exposed. Avem Health Partners is issuing breach notification letters to affected individuals on behalf of its vendor and complimentary credit monitoring and identity theft protection services have been offered to individuals who had their Social Security numbers or driver’s license numbers exposed. Avem Health Partners said it is re-evaluating its vendor relationships and the security measures that its vendors have implemented.
The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal, but the website of the Texas Attorney General indicates 73,134 individuals have been affected.
Emory Healthcare Reports Insider Data Breach
Atlanta, GA-based Emory Healthcare has recently announced that a former employee has accessed the records of approximately 1,600 patients without authorization. Emory Healthcare was notified about the privacy breach by the U.S. Department of Labor (DOL) on August 24, 2022. An investigation was immediately launched and access logs were checked, which confirmed that the records of patients had been accessed by the employee between December 2020 and December 2021 when there was no legitimate work reason for doing so. Over the space of one year, the records of at least 1,600 patients were accessed.
According to the DOL, the former Emory Healthcare employee is known to have disclosed the demographic information of several hundred Emory Healthcare patients to individuals who were involved in unemployment benefits fraud. The DOL and the U.S. Department of Justice (DOJ) have charged eight individuals in connection with the fraud, including the former Emory Healthcare employee. Emory Healthcare said it cooperated fully with law enforcement during the investigation, arrest, and prosecution of those individuals. Notification letters are now being sent to all affected individuals, who have been offered free credit monitoring and identity theft protection services.
The data stolen included names, dates of birth, and Social Security numbers. Health information, insurance details, and financial information did not appear to have been stolen. Emory Healthcare said it has reinforced privacy and security education with its patient care teams and is continuing to implement best practice technology protocols to protect patient data and detect unauthorized access.
The post Avem Health Partners and Emory Healthcare Notify Patients About Data Breaches appeared first on HIPAA Journal.