Cardiac Imaging Associates in Los Angeles, CA, has discovered an unauthorized individual has accessed an employee’s email account. The incident was detected in April 2022, and immediate action was taken to secure its email environment to prevent further unauthorized access. The forensic investigation confirmed the incident was confined to a single employee email account, which was accessed between March 30, 2022, and April 6, 2022. It was not possible to determine if any emails or file attachments were opened or acquired by the attacker.
A review of all emails and file attachments confirmed they contained protected health information such as names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, payment card information, medical diagnosis, and condition information, medical laboratory results information, medication and prescription information, and medical treatment information.
The review of emails was completed on August 17, 2022, and notification letters started to be sent to affected patients on October 7, 2022. Steps have since been taken to improve the security of its email system. It is currently unclear how many individuals have been affected.
Email Breach Affects 3,675 Patients of Centerstone of Tennessee
Centerstone, a Nashville, TN-based provider of behavioral health and addiction services, has reported a breach of its email environment. Unusual activity was detected in the email account of a Centerstone employee on February 14, 2022. The investigation confirmed that several employee email accounts had been accessed by an unknown actor between November 4, 2021, and February 14, 2022.
Those email accounts were discovered to contain the personal and protected health information of current and former Centerstone clients. The review of the affected email accounts concluded on July 12, 2022, and then a search was conducted to identify the up-to-date mailing information for those individuals. Centerstone announced the breach publicly on August 15, 2022.
The breached information varied from individual to individual and may have included the following data types: Name, address, Social Security number, driver’s license or other government ID number, passport number, alien registration number, date of birth, financial account information, biometric information, username and password, medical record number, Medicare and/or Medicaid number, medical diagnosis/treatment information, and/or health insurance information.
Additional safeguards have been implemented to improve the security of its email environment. The breach has been reported to the HHS’ Office for Civil Rights as affecting 3,675 current and former patients of Centerstone of Tennessee.
The post Email Breaches Reported by Cardiac Imaging Associates & Centerstone of Tennessee appeared first on HIPAA Journal.