The association of private orthopedic surgery professionals, Fondren Orthopedic Group based in Houston and the nearby areas, encountered a cyberattack that impacted some components of its IT system.
The substitute breach notice published on Fondren Orthopedic Group’s website described the incident as a malware attack, which destroyed some patients’ medical records. The group took immediate action to stop the malware infection and restored its systems; nevertheless, it was not able to recover the medical records damaged by the malware.
The information contained in the permanently lost records included the names of patients, addresses, phone numbers, medical insurance details, and diagnosis and treatment data. All patients impacted by the breach were Dr. K. Matthew Warnock’s present or past patients.
Third-party forensic investigators helped investigate the incident and did not find any proof of unauthorized access or exfiltration of data. Fondren Orthopedic Group is going over its data security policies and protocols and is going to update as necessary to improve toughness against malware attacks. The Group notified the impacted patients and advised them to fill up new patient forms and provide information about their health histories the next time they go to Dr. Warnock.
The HHS’ Office for Civil Rights already received a report of the cyberattack. The breach report indicated that approximately 30,049 patients were impacted.
Unspecified Data Breach at Access Health CT
Access Health CT, which is a medical insurance marketplace in Connecticut, had a data breach that exposed about 1,100 consumers’ protected health information (PHI).
The substitute breach notice of Access Health CT expressed apologies to the affected people for any trouble brought about by the breach. Access Health CT also offered the people complimentary access to services that protect their PHI. There is no explanation mentioned in the breach notice regarding the nature of the breach, its date of occurrence, and the types of data compromised.
It was also mentioned in the breach notice states that Access Health CT took action to strengthen its security and has longer-term projects planned for system adjustments and more regular Information Technology (IT) security and HIPAA training to boost data security and awareness.