The Dallas, TX-based home help service provider, Home Care Providers of Texas (HCPT), has recently announced that unauthorized individuals gained access to its network and used ransomware to encrypt files. The security breach was detected on June 29, 2022, when staff members were prevented from accessing files. Leading third-party cybersecurity experts were engaged to investigate the incident and determine the nature and scope of the breach and confirmed that the threat actors had access to its network between June 15, 2022, and June 29, 2022. During that time, files were exfiltrated from the network that contained names, addresses, dates of birth, Social Security numbers, treatment or diagnosis information, and medication information.
The delay in issuing notification letters was due to the lengthy process of reviewing all files potentially accessed or obtained to determine which individuals had been affected. That process was completed on November 15, 2022. Affected individuals have been advised to monitor their credit reports, accounts, and explanation of benefits statements for unauthorized activity. HCPT said steps have since been taken to augment cybersecurity.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal but has been reported to the Texas Attorney General as affecting 124,363 Texas residents.
Circles of Care, Inc. Hacking Incident Affects 61,170 Individuals
Circles of Care, a Florida-based provider of behavioral care services, has recently announced that employee and patient information was potentially compromised in a September 2022 cyberattack. Suspicious activity was detected within its network on September 21, 2022, with the investigation confirming an unauthorized third party gained access to the network on September 6, 2022.
The forensic investigation confirmed on November 29, 2022, that the unauthorized third party had access to parts of the network that contained patient and employee information such as names, dates of birth, Social Security numbers, addresses, phone numbers, driver’s license numbers, bank routing and account numbers, medical account numbers, provider names, service dates, diagnoses, and medical procedure codes. That information was potentially accessed or acquired, although, at the time of issuing notifications, no reports of misuse of that information have been received. Affected individuals have been advised to be vigilant against incidents of identity theft and fraud by reviewing their account statements and explanation of benefit forms.
The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 61,170 individuals.
Community Health Network Says Tracking Technologies Impermissibly Disclosed PHI of Fishers Digestive Care Patients
Indianapolis, IN-based Community Health Network has recently announced that tracking technologies were used on the website and patient portal of its affiliated organization, Fishers Digestive Care, which resulted in patient data being impermissibly disclosed to third parties. The disclosed information included names, medical record numbers, IP addresses, appointments, insurance coverage, healthcare provider information, and conversations between individuals and others through the MyChart patient portal. The extent to which each individual was affected could not be determined and would have depended on their interactions on the website and patient portal.
Community Health Network previously reported the breach to the Office for Civil Rights as affecting up to 1.5 million patients. It is currently unclear how many Fishers Digestive Care patients have been affected, and whether they are included in the 1.5 million total.
The post Home Care Providers of Texas Announces 124K-Record Data Breach appeared first on HIPAA Journal.