La Casa de Salud, New York
The human services organization Acacia Network based in New York City has lately informed the HHS’ Office for Civil Rights regarding an email account breach that was discovered on July 17, 2020. Based on the breach notification posted on the Acacia Network web page, email accounts had been viewed for some time {from|between} June 6, 2020 {to|and} June 12, 2020. Acacia Network launched an investigation immediately with the help of a forensic company, however it was impossible to know whether any emails or file attachments were viewed or stolen.
An assessment of the emails stored in the account showed they comprised patients’ names, driver’s license numbers, Social Security numbers, addresses, dates of birth, financial account numbers, resident ID numbers, medical record numbers, medical insurance data, Medicare numbers, provider names, treatment, prescribed medication, and/or diagnostic data.
The Acacia Network stated the email accounts included the information of a portion of customers in these programs:
- Bronx Addiction Services Integrated Concepts System, Inc.
- Bronx Accountable Healthcare Network
- Community Association of Progressive Dominicans
- Greenhope Services for Women, Inc
- El Regreso, Inc
- La Casa De Salud, Inc
- United Bronx Parents, Inc.
- Promesa, Inc.
The breach report was submitted to the HHS’ Office for Civil Rights under the name La Casa De Salud. It indicated that 9,969 patients were affected. It is presently not clear whether that is the complete number of people impacted. Notification letters had been sent on February 22, 2022, and free credit checking and identity protection services were provided to people who had their driver’s license number or Social Security number compromised. There was no explanation provided about the reason why the victims were informed after over 18 months.
Valley View Hospital, Colorado
Valley View Hospital based in Colorado has lately reported that unauthorized people accessed four employees’ email accounts after the employees replied to phishing emails. The hospital detected the email account breaches on January 19, 2022. The hospital immediately secured the email accounts and engaged a forensic security company to investigate and find out the nature and extent of the data breach. On March 29, 2022, it was learned that four email accounts were breached that included data of roughly 21,000 hospital workers and patients. Valley View Hospital failed to point out in its substitute breach notice which information was exposed.
Affected persons began receiving the notification letters on March 19, 2022.