PHI Exposed Because of Hacking Incidents in 3 HIPAA-Regulated Entities

PHI of Nearly 69,000 Individuals Exposed in Comstar Hacking Incident

Comstar located in Rowley, MA offers ambulance billing, collection, ePCR Hosting, and patient/client services. It learned that an unauthorized third party obtained access to certain sections of its servers that stored files containing personally identifiable information and protected health information (PHI) of persons. A number of those files were verified to have been accessed.

The substitute breach notice didn’t say when the incident took place, nevertheless, it was noticed on or approximately March 26, 2022. An assessment of the affected files revealed they comprised details like names, birth dates, Social Security numbers medical examination and medicine data, and medical insurance data. Comstar stated it already had tight security procedures set up, an analysis was done of its guidelines and protocols with regards to data privacy, and measures will be undertaken to further secure against identical breaches down the road. There was no proof of information theft or misuse of data found; nonetheless, as a preventative measure, Comstar provided free credit monitoring and identity theft protection services.

The breach report was sent to the HHS’ Office for Civil Rights stating that 68,957 persons were impacted.

Hacking Incident at Alliance Physical Therapy Partners

Alliance Physical Therapy Partners based in Grand Rapids Charter Township, MI, previously known as Agility Health, has reported that an unauthorized third party gained access to selected systems inside its network that included patients’ PHI. The healthcare provider detected the breach on December 27, 2021, and confirmed on January 7, 2022, the compromise of patient information. The unauthorized access happened from December 23, 2021 to December 27, 2021. A thorough assessment of all possibly impacted files was done on April 19, 2022.

Alliance Physical Therapy Partners stated guidelines and procedures were evaluated and further cybersecurity safety measures were put in place.

The breach is not yet posted on the HHS’ Office for Civil Rights portal, thus it is presently uncertain how many persons were impacted.

Hacking Incident at 90 Degree Benefits Minnesota

90 Degree Benefits Minnesota reported that it encountered a data breach on February 27, 2022, which impacted a number of its IT systems. 90 Degree stated the forensic investigation could not verify whether personal data was seen or obtained and there were no reports of actual or attempted misuse of personal data; nevertheless, unauthorized access and information theft cannot be excluded.

The evaluation of the impacted files revealed they included names, birth dates, Social Security numbers, telephone numbers, addresses, and medical data. 90 Degree stated security procedures were improved to stop the same occurrences later on. Impacted persons were informed on June 9, 2022, and were provided free credit monitoring and identity theft protection services.

The breach is not yet posted on the HHS’ Office for Civil Rights portal, therefore it is presently unknown how many people were impacted.