PHI Exposed Due to Breaches at Florida Internal Medicine Practice, Saint Francis Healthcare Partners and Ascension Eastwood Clinic

Daniel Bendetowicz, MD, PA is informing 3,314 patients about the exposure of their PHI because of a ransomware attack. The attack took place on March 25, 2020 bringing about the encryption of its computer systems, as well as patient files. The attack didn’t have an effect on the backup data so restoration was possible without having to pay the ransom demand.

With these kinds of ransomware attacks, the attackers usually don’t access the files before encrypting the files; nonetheless, it’s impossible to eliminate data access therefore the company mailed notification letters to impacted patients. Dr. Bendetowicz stated in the notification letters that there was a possible exposure of patient names, addresses, birth dates, Social Security numbers, medical data and medical insurance data.

As a precautionary measure, Dr. Bendetowicz provided identity theft protection services to all impacted patients and took action to enhance security to avoid other attacks later on.

Email Breach at Saint Francie Healthcare Partners

Saint Francis Healthcare Partners in Connecticut is sending notifications to 38,529 patients regarding the potential breach of their protected health information (PHI) because of an advanced cybersecurity incident that allowed an unauthorized individual to get access to its email system.

The attack transpired on December 30, 2019 nevertheless the forensic investigators just confirmed the potential exposure of patients’ PHI on March 20, 2020. The attacker may have viewed these types of data kept in the email system: names, medical record numbers, health histories, clinical and treatment details, diagnoses, dates of service account numbers, medical insurance provider names, prescription data and/or types of procedures done. There was no exposure of any financial data or Social Security numbers.

The investigation revealed no proof that indicates the access, misuse or theft of patient data. Saint Francis Healthcare Partners already took steps to enhance data security procedures and informed all impacted patients via mail.

Email Error Caused Ascension Eastwood Clinic Breach

A staff of Ascension Eastwood Clinic based in Southfield, MI dispatched an email to patients on April 15, 2020 telling about the shift of the practice to offer telehealth services as a result of COVID-19 to help avert the spread of the virus.

There was a mistake committed in the sending of the email. The employee didn’t add the patients’ email addresses on the BCC field of the message, consequently, other patients can see the patients’ email addresses. Because of the mistake, email addresses and, in certain instances, patients’ full names were exposed to other patients. Besides making it possible for a patient to be known as a patient of Ascension Eastwood Clinic, there was no other data compromised.

It was indicated at the HHS’ Office for Civil Rights breach website that the breach impacted 999 patients.