Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on June 1, 2022. A third-party cybersecurity company helped look into the incident. It was affirmed that an unauthorized third party viewed a number of employee email accounts between October 5, 2021 and May 15, 2022 as a consequence of responding to phishing emails.
The investigators cannot conclude which email accounts, if any, had been accessed, or whether data was stolen. Consequently, notification letters were given to all individuals whose PHI had been found in the impacted email accounts. The breached information differed from one person to another and might have contained names, medical insurance information, Social Security numbers, and clinical details.
Complimentary credit monitoring and identity theft protection services are being offered to affected persons. Healthback Holdings has strengthened its email security and extra training is provided to staff members about identifying and averting phishing emails.
Hacking Incident Reported by City of Newport in Rhode Island
The City of Newport, RI lately sent a breach report to the HHS’ Office for Civil Rights stating that the PHI of 6,109 individuals was impacted. Odd system activity was discovered within its system on June 9, 2022, and certain systems became unavailable. The forensic investigation affirmed that the attackers had obtained access to its system on June 8, 2022, and took files that consist of sensitive data from its systems.
An evaluation of the affected files was completed on June 12, 2022 and confirmed the inclusion of information of existing and past employees including their spouses and/or dependents. The possibly exposed data included names, birth dates, addresses, financial account numbers utilized for direct deposit, information linked to group health insurance, and Social Security numbers.
The City of Newport mailed notification letters to impacted persons on July 22, 2022 and provided free memberships to identity monitoring services to affected people. The company likewise took action to reinforce the security of the network.
OrthoArizona Informs Patients Regarding October 2021 Cyberattack
OrthoArizona has lately begun informing 2,748 people about the exposure of their PHI and potential theft during a cyberattack that was discovered on October 30, 2021. OrthoArizona stated it immediately employed the services of a third-party cybersecurity agency to help investigate the incident. It was an extensive and labor-intensive investigation and remediation process, which resulted in the delay of issuing notifications.
The analysis of the impacted files affirmed that they included names, mailing addresses, birth dates, Social Security numbers, and selected medical insurance data. No instances of fraud were found because of the incident. Those who had their Social Security number compromised received free credit monitoring and identity theft protection services via IDX. OrthoArizona stated it has evaluated and upgraded its data security guidelines and procedures.