Urgent Team Holdings Reports Breach of the PHI of 166,600 Individuals

April 15, 2022

Urgent Team Holdings, which operates more than 70 urgent care and walk-in centers in Alabama, Arkansas, Georgia, Mississippi, and Tennessee, has recently notified 166,601 patients that some of their protected health information may have been obtained by unauthorized individuals in a November 2021 cyberattack.

Urgent Team said it discovered its network had been compromised between November 12, 2021, and November 18, 2021. Assisted by third-party cybersecurity experts, Urgent Team discovered files may have been exfiltrated from its systems that contained the protected health information of patients. A comprehensive review of the files was completed on January 31, 2022, and confirmed they contained patients’ full names, dates of birth, and medical record numbers.

While data theft may have occurred, no evidence of data exfiltration was identified and there have been no reports of any misuse of patient data. To improve security, Urgent Team has implemented multi-factor authentication and has added extra layers of security to its systems to reduce the risk of unauthorized access. A new antivirus solution has also been implemented, which generates alerts when unauthorized individuals attempt to access its systems.

The Guidance Center Reports Email Account Breach

The Guidance Center, Inc. has recently discovered unauthorized individuals gained access to several employee email accounts for a short period of time. Upon discovery of the breach, the email accounts were immediately secured, and an investigation was launched to determine the nature and scope of the attack.

Third-party cybersecurity consultants were engaged to assist with the investigation and to confirm the security of The Guidance Center's computer systems, and additional security measures have now been adopted to prevent further attacks. A review of the affected email accounts revealed they contained patients’ protected health information. The types of exposed information varied from individual to individual and may have included names in combination with one or more of the following data elements: medical treatment or diagnosis information, health insurance information, and/or patient record numbers.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 23,104 individuals. Complimentary identity protection and credit monitoring services have been offered to certain individuals, based on the types of information that were exposed.

MetroHealth Announces Exposure of the PHI of 1,700 Patients

MetroHealth System in Cleveland, OH, has notified approximately 1,700 patients that some of their protected health information has been impermissibly disclosed to other patients due to an error that occurred during the upgrading of its electronic health record (EHR) system.

A misconfiguration meant that when patient records were generated to be sent to patients, data relating to other patients was inadvertently included in the records, such as patient names, appointment information, and the providers they saw. No other personal, financial, or health information was involved.

The issue was identified by the EHR provider, which notified MetroHealth about the data breach on February 10, 2022. Notification letters were sent to affected individuals on April 11.

The post Urgent Team Holdings Reports Breach of the PHI of 166,600 Individuals appeared first on HIPAA Journal.