USV Optical, a subsidiary of U.S. Vision, has recently confirmed that the information of patients at several entities within its network has been exposed. Suspicious activity was detected within its network on May 12, 2021, with the forensic investigation confirming unauthorized individuals had access to its network for a month between April 20, 2021, and May 17, 2021. During that time, the attackers may have viewed or acquired sensitive patient data.
The breach was reported to U.S. Vision shortly after it was detected; however, at the time it was unclear which entities and patients had been affected. Nationwide Optical Group acquired or became affiliated with several U.S. Vision entities in September 2019, including Nationwide Optometry and SightCare. USV Optical started to provide administrative services to those entities around that time. Nationwide Optical Group was informed about the breach, requested that U.S. Vision investigate the incident further, and recommended monitoring the dark web to determine whether any sensitive data had been released. No further information was subsequently provided about any dark web detections.
On September 22, 2022, Nationwide Optical Group was informed that the review of the files on the compromised parts of the network had been completed, and it was confirmed that the following types of information had potentially been stolen: full names, dates of birth, addresses, Social Security numbers, taxpayer identification numbers, driver’s license numbers, financial account information, medical and/or treatment information, prescription medications, health insurance information, and billing and claims information. The types of information exposed varied from patient to patient.
The information provided was validated and correct contact information was obtained, allowing individual notification letters to be sent. That process was completed on October 17, 2022. Affected individuals have now been notified and have been offered complimentary credit monitoring and identity theft protection services.
Phoenix House Florida Email Accounts Compromised
Phoenix House Florida, a non-profit residential addiction treatment program provider, has recently announced that the protected health information of 6,594 patients has been exposed and potentially obtained by unauthorized individuals who gained access to certain employee email accounts.
The email accounts contained the protected health information of patients of Phoenix Programs of Florida, including names; Social Security numbers; driver’s license numbers; birth dates; credit/debit card numbers, expiry dates, and CVV codes; digitized or electronic signatures; Client IDs; medical information such as condition, treatment, or diagnosis; and health insurance information.
Phoenix House Florida did not disclose when the security breach was detected but said the email accounts were compromised between July 13, 2021, and November 1, 2021. The forensic investigation confirmed on September 2, 2022, that protected health information had been exposed, and notification letters were sent to affected individuals on October 19, 2022. No evidence was uncovered that suggested information in the email accounts was viewed or acquired. Complimentary identity theft protection services have been offered to individuals whose Social Security numbers or driver’s license numbers were involved.
The post U.S. Vision Subsidiary and Florida Addiction Treatment Center Announce 2021 Data Breaches appeared first on HIPAA Journal.