St. Luke’s Health System based in Boise, ID, has just submitted a data breach report to the HHS’ Office for Civil Rights that affected 31,579 patients. The breach happened in May 2022 at Kaye-Smith, which is a billing vendor of the health system. The patients billed that month were affected by the breach. Kaye-Smith discovered the breach in June 2022 and reported it to St. Luke’s Health System on July 6, 2022.
Unauthorized people acquired access to the systems at Kaye-Smith, which kept records like patient names, insured names, phone numbers, addresses, ID numbers, dates of birth, Social Security numbers, descriptions of services, amounts charged, payment due dates, outstanding amounts, and account statuses. Kaye-Smith is investigating the breach together with the FBI to better understand how the breach occurred.
St. Luke’s Health System stated it ended its relationship with the billing provider. The investigation thus far has not discovered any proof that suggests patient data misuse. Affected persons received a complimentary credit monitoring service membership.
Goldsboro Podiatry Notifies 30,669 Patients About Data Breach
Kevin Wolf, DPM, dba Goldsboro Podiatry based in North Carolina, has lately announced that unauthorized individuals potentially obtained the protected health information (PHI) of 30,669 individuals. The breach happened at an unnamed company that manages the electronic medical records of patients for the practice. It was discovered on April 29, 2022 because of the encryption of selected servers employed by the company during a ransomware attack. The service provider affirmed last May 2022 that attackers accessed the data on the servers and potentially stole them. Goldsboro Podiatry received a notification regarding the ransomware attack on May 20, 2022.
The following data was exposed in the attack: names, contact details, birth dates, Social Security Numbers, demographic details, medical background, medication data, clinical findings, diagnoses, and/or treatment programs.
Goldsboro Podiatry stated its service provider has strengthened the security of its IT systems and upgraded its cybersecurity protection to avoid potential attacks and has provided impacted people with free access to identity theft protection and credit monitoring services.
Allegheny Health Network Phishing Attack Affects Hundreds and Hundreds of Patients
Allegheny Health Network located in Pennsylvania has lately confirmed that an unauthorized third party accessed the email account of an employee following a response to a phishing email. On May 31, 2022, the employee responded to the message and the breach was discovered the following day.
An assessment of the email account affirmed that protected health information including names, birth dates, dates of medical services, medical histories, medical conditions, diagnoses and treatment data, and driver’s license numbers is contained in the account. Some individuals likewise had their Social Security number and/or financial details breached.
Allegheny Health Network mentioned quick action was taken to deal with the incident, which includes doing a password reset to stop further unauthorized access. A third-party cybersecurity company has furthermore helped to enhance its security controls.
Allegheny Health Network has sent the breach report to the HHS’ Office for Civil Rights with a placeholder of 500 records until eventually the breach is fully investigated and the number of people impacted is known. Local media have stated about 8,000 persons were affected.