Cedar Park, TX-based Dental Well being Administration Options (DHMS), a supplier of dental companies to the federal government/army and personal sufferers has not too long ago introduced – by way of its authorized counsel – that the protected well being info of sure sufferers was uncovered in a 2021 hacking incident. In a February 2023 notification to the Maine Legal professional Normal, DHMS mentioned it detected a community intrusion on or round August 20, 2021, with the forensic investigation confirming its community was compromised on July 17, 2021.
A complete evaluation was carried out of all recordsdata that had been probably accessed or acquired within the assault and confirmed that 3,205 people have been affected. The sorts of info uncovered assorted from particular person to particular person and should have included names, addresses, medical info, medical insurance info, Medicaid identification numbers, driver’s licenses, account and routing numbers, and Social Safety numbers.
DHMS mentioned it has modified passwords and carried out multifactor authentication and supplied affected people complimentary credit score monitoring and identification safety companies. The notification letter lacks a proof of why it took 18 months from the date of discovery of the breach for notification letters to be despatched when the HIPAA breach notification rule requires notifications to be issued inside 60 days or when the breach occurred.
Aloha Nursing Rehab Centre Breach Impacts 20,000 Sufferers
Aloha Nursing Rehab Centre in Kaneohe, Hawaii, has not too long ago reported an information breach to the HHS’ Workplace for Civil Rights that has affected 20,216 sufferers. In response to the notification despatched to the Maine Legal professional Normal, its IT methods had been accessed by an unauthorized particular person on or round July 8, 2022. That particular person accessed a restricted variety of digital data in its methods.
Get The HIPAA
Free and Fast Obtain
Delivered by way of electronic mail so please make sure you enter your electronic mail deal with appropriately.
Your Privateness Revered
HIPAA Journal Privateness Coverage
Aloha Nursing Rehab Centre mentioned the investigation and doc evaluation revealed on or round December 28, 2022, that the recordsdata accessed within the assault included affected person info. The sorts of info concerned included names, dates of beginning, Social Safety numbers, monetary account info, driver’s license numbers, and state identification numbers. Affected people had been notified by mail in February 2023 and had been supplied complimentary credit score monitoring and identification theft safety companies and can be protected by a $1,000,000 identification theft insurance coverage coverage.
The Chautauqua Heart Identifies Restricted Publicity of Affected person Data
The Chautauqua Heart (TCC) in Jamestown New York has not too long ago introduced that the protected well being info of 747 people has been uncovered in an information breach involving its enterprise affiliate, WebPT, which gives digital medical file companies for Chautauqua Bodily and Occupational Remedy.
The incident uncovered the knowledge of Chautauqua Bodily and Occupational Remedy sufferers to different healthcare amenities throughout an improve to the EMR system on December 22, 2022. The referral report that was accessible to different healthcare clinics included names, case identify/creation date, final seen/referral dates, insurance coverage supplier, remedy clinic, referring doctor/doctor group identify, secondary insurance coverage info, and complete go to depend for every case. WebPT has confirmed that scientific notes from the preliminary analysis weren’t accessible.
Because of the restricted nature of the information concerned, and the truth that the knowledge was solely uncovered to HIPAA-covered entities, the dangers to sufferers are believed to be minimal; nonetheless, all people had been notified concerning the publicity in January. Entry to the report was disabled inside 19 hours of discovery of the publicity, an evaluation was carried out to establish the reason for the breach, the employees was retrained, and statements had been obtained from all affected clinics confirming that there had been no use or additional disclosure of the report.