A2Z Diagnostics, a specialist diagnostic testing laboratory in New Jersey, has begun alerting patients about the inclusion of some of their protected health information (PHI) in employee email accounts that were accessed by unauthorized individuals.
Upon being aware of the breach, A2Z promptly secured the email accounts and third-party cybersecurity specialists investigated the breach to find out whether any emails or attachments were accessed or obtained in the attack. A2Z Diagnostics found out on June 28, 2021 that the compromise of accounts happened from February 2, 2021 to April 2, 2021. Some of the accounts included the personal data and PHI of people who had tests carried out at its lab; nevertheless, there was no evidence found that suggested the viewing or theft of any emails during the attack.
The types of information in the accounts differed from one individual to another and might have contained full names along with one or more of the following types of data: Social Security number, date of birth, state identification or driver’s license number, medical diagnosis, or clinical data, treatment type or area, name of the doctor, health insurance details and/or medical procedure details. A2Z stated just a limited number of persons who got testing services were affected.
Sending notification letters to impacted people started on July 28. Those who had their Social Security number exposed received credit monitoring services.
A2Z mentioned it has carried out essential measures to improve its technical security to decrease the risk of a similar incident later on, including bettering its multi-factor authentication application.
Vision for Hope Discovers Breach of Employee Email Account
The animal-assisted therapy charity Vision for Hope has found out that an unauthorized individual has acquired access to an employee’s email account and possibly viewed or gotten the PHI of some of the patients.
Upon discovery of the breach, an investigation was began to know the nature and magnitude of the cyberattack, which revealed the email account was compromised from February 14 to April 2, 2021. An extensive assessment of all email messages in the account was done on June 2, 2021, when it was affirmed that these types of protected health information were likely accessed: Name, Social Security number, birth date, driver’s license number, financial account number, medical treatment or diagnosis data, and/or medical insurance details. The types of information exposed differed from person to person.
Vision for Hope stated it believes no data in the account has been misused for the reason of committing fraud or identity theft. On August 3, 2021, Vision for Hope commenced sending notification letters to affected persons and has provided complimentary credit monitoring and identity theft protection services to all people who had their Social Security number and/or driver’s license number were possibly accessed.
Information security procedures are now being fortified with its staff and modifications are being made to minimize the probability of further breaches happening.