San Juan Regional Medical Center has lately informed thousands of its patients regarding a security breach that took place in the fall of 2020. The medical center in Farmington, NM uncovered that an unauthorized person accessed its network on September 8, 2020. Quick action was undertaken to avert further unauthorized access and an inquiry was started to find out the nature as well as the scope of the breach.
The forensic investigation showed the hacker exfiltrated data from September 7th to 8th. A manual analysis of those data files affirmed they comprised the protected health information (PHI) of 68,792 individuals. The types of data in the data differed from patient to patient and contained names combined with at least one of these data elements:
Dates of birth, driver’s license numbers, financial account numbers Social Security numbers, passport details, medical insurance details, diagnoses, treatment data, patient account numbers, and medical record numbers.
Though data theft was established, no proof was found to show any of the stolen PHI was misused. Free of charge credit monitoring services have been provided to people whose SSN was exposed. Steps have likewise been taken to secure its system and strengthen internal systems to stop even more safety breaches.
Email Error Reported by Springfield Psychological
Springfield Psychological in Pennsylvania has informed a number of existing, past, and potential patients regarding an email error that exposed email addresses. A regular marketing email was delivered on June 9, 2020; nevertheless, instead of having the recipients’ email addresses concealed, the email was mailed in a manner that made recipients’ email addresses readable to all recipients.
Besides knowing the people as having gotten or deemed getting medical care services from Springfield Psychological, the only details compromised were email addresses.
Springfield Psychological got in touch with the HHS’ Office for Civil Rights concerning the incident in late 2020 and on May 25, 2021, OCR advised Springfield Psychological that the occurrence was a reportable breach as per HIPAA. Impacted persons were then immediately alerted.
Coastal Medical Group Encounters Hacking and Data Theft
Coastal Medical Group based in Old Bridge, NJ, a gastroenterology and internal medicine expert, has encountered a security breach wherein patient information has likely been exposed. The practice, which is mentioned as permanently shut down, learned about the breach on April 21, 2021.
The investigation reveals systems were earliest breached on March 25, 2021. In accordance with a statement given by the practice, incident response and recovery methods were promptly carried out, and the practice worked instantly to examine the security of its systems and hinder further suspicious access.
The investigation established that the attacker obtained files comprising PHI, including full names, house addresses, birth dates, other demographic and contact data, Social Security numbers, insurance details, diagnoses, and treatment data.
The practice has advised all affected individuals via mail and has given free credit monitoring and identity theft protection services. Steps have additionally been undertaken to protect its networks to avoid any more breaches.
It is unknown at this time how many persons were impacted.