The Central California Alliance for Health found out that an unauthorized individual acquired access to several employees’ email accounts and possibly viewed or duplicated information in emails and file attachments. The healthcare provider detected the breach on May 7, 2020 and took immediate action to safeguard the breached accounts. In every case, the accounts were accessed for a period of roughly one hour.
An evaluation of the compromised accounts showed they contained a minimal amount of protected health information (PHI) of Central California Alliance for Health members including Alliance Care management program files, dates of birth, claims data, demographic details, Medi-Cal ID numbers, referral details, and medical data. There was no compromise of financial details or Social Security numbers.
Right after the breach, Central California Alliance for Health performed a full password reset for all email accounts, which include the accounts that were not breached. Employees also had more HIPAA compliance training in email security.
Central California Alliance for Health already reported the breach to the Department of Health and Human Services’ Office for Civil Rights indicating that 35,883 members were affected.
Hacking of Hutton & Hale, D.D.S., Inc. Impacts 8,394 Patients
Dr. Ann Hale of Hutton & Hale, D.D.S., Inc. started sending notifications to 8,394 patients about the potential compromise of some of their protected health information because a hacker gained access to the practice’s databases and computer systems on May 25, 2020.
Those systems held patients’ healthcare records and protected health information like names, contact telephone numbers, addresses, Social Security numbers, and X-ray data.
All affected patients were provided free 12 months membership to identity theft protection and credit monitoring services and will have coverage by a $1,000,000 identity theft insurance policy. To date, there are no reports received that suggest the misuse of any patient information.
The practice is introducing extra security measures to its web server infrastructure to avoid other security breaches.
Wisconsin Department of Corrections Breach Impacts 1,853 Persons
The Wisconsin Department of Corrections learned that the information of persons stored in its treatment facilities was exposed on the webpages of three vendors contracted to take care of canteen orders. An employee discovered the data on May 15, 2020. Affected persons were informed on June 15, 2020.
The compromised details were limited to names and information about the treatment center where they are situated. That information must be masked on the sites. The error is already fixed and the information is no longer accessible online.