Cyberattack on SuperCare Health and Englewood Health

SuperCare Health based in Downey, CA, a provider of post-acute, in-home respiratory care in the Western United States, recently began informing 318,379 individuals about the exposure of some of their protected health information (PHI) and its potential access by unauthorized people because of a cyberattack that happened in July 2021.

On March 25, 2022, SuperCare Health sent breach notification letters explaining that it identified unauthorized activity inside its IT programs on July 27, 2021. It took immediate steps to protect its network and stop more unauthorized access. Third-party cybersecurity specialists investigated the nature and extent of the breach.

The investigation confirmed that unauthorized persons got access to areas of its network between July 23, 2021 and July 27, 2021. It was likely that the hackers accessed files in the network that comprised patients’ PHI. A detailed analysis of the files was done, which revealed on February 4, 2022, that they included sensitive patient information like names, addresses, dates of birth, hospital/medical group, medical record numbers, patient account numbers, medical insurance data, testing/diagnostic/treatment details, other health-related data, and claims data. The Social Security numbers and/or driver’s license numbers of some individuals were also compromised.

Because of the security breach, SuperCare Health reviewed its security safety measures and more security measures were put in place to better secure the personal data and PHI of its patients.

SuperCare Health is providing impacted individuals with a free membership to an identity theft protection service, including dark web tracking, credit checking, and an identity theft reimbursement insurance plan.

Englewood Health Alerts 3,900 Patients Concerning PHI Exposure

Englewood Health based in Englewood, NJ, an acute care 289-bed teaching hospital, recently announced that a security breach impacted the PHI of 3,901 individuals. On February 14, 2022, Englewood Health discovered the compromise of the username and password of a worker, which enabled an unauthorized person to view patient names, birth dates, and some health data. Englewood Health stated the unauthorized person got access to patient information for just under 40 minutes, then the intrusion was discovered and blocked.

Because of the breach, Englewood Health made updates to its physical, technical network and administrative controls and already mailed notifications to affected patients. Although only a limited amount of information was compromised, the hospital offered free credit monitoring services to impacted patients.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA