Florida’s Integrated Regional Laboratories (IRL) is informing about 30,000 patients regarding the potential compromise of their protected health information (PHI) as a result of the American Medical Collection Agency (AMCA) data breach, which was discovered on March 20, 2019.
AMCA notified IRL on June 3, 2019 concerning its data breach and confirmed the exposure of IRL patients’ PHI on June 13, 2019.
IRL published on July 30 a breach notice on its company website and also notified their patients. IRL discontinued sending patient data to AMCA after the discovery of the breach and stopped using AMCA’s services. AMCA was also directed to safely discard all copies of PHI of IRL patients.
The breach summary posted on the HHS’ Office for Civil Rights portal indicated that the breach affected 29,644 patients.
In the last couple of days, the number of AMCA breach victims posted on OCR’s breach portal has been updated to 22 HIPAA-covered entities. To date, the confirmed number of exposed records is 24,739,540. The OCR breach portal has not added the breach reports of 9 victims yet. However, according to provisional statistics, the total victim count is most likely to go over 26 million.
Hacked Bayview Dental Server
Bayview Dental is notifying 1,938 patients regarding the unauthorized access of their PHI that was contained on a server.
Bayview Dental discovered on May 28, 2019 the suspicious activity on the server. Forensic specialists investigated the potential breach and reported on July 4, 2019 that the PHI of certain Bayview Dental patients could have been accessed. There was no way to find out if the attacker viewed or copied any patient data.
The following data of the affected patients may have been exposed: Name, telephone number, address, birth date, dental insurance data, medical/dental history details and Social Security number for some patients.
The impacted persons received notifications and offers of free credit monitoring services for one year. Bayview Digital implemented extra safety measures to avoid the same cyberattacks. Employees also underwent more HIPAA training about data privacy and security.
Phishing Attack on Mid-Valley Behavioral Care Network
Mid-Valley Behavioral Care Network (BCN) based in Salem, OR discovered the unauthorized access of two employees’ email accounts. The data breach was discovered on June 26, 2019, and the investigation results show the compromise of the accounts for 24 hours.
BCN provides services for Willamette Valley Community health plan members. The PHI of 10,710 WVCH plan members was exposed, including the personal data of 2,092 Oregon Health Plan providers.
It is not known if the attacker accessed email messages or stole PHI. Affected members received notification letters on August 9, 2019. Extra safety measures have been put in place to avoid any more breaches.