Data Breach at Sierra Nevada Primary Care Physicians and the University of Maryland

Sierra Nevada Primary Care Physicians based in California is notifying 1,717 patients regarding an incident that resulted in the stealing of selected protected health information (PHI), which includes names and credit card details.

The District Attorney’s office notified Sierra Nevada Primary Care Physicians on May 20, 2021 that two envelopes with receipts issued by the practice were found in the suspect’s vehicle.

The receipts were issued to patients for payments made from January 1, 2019 to March 20, 2019. For people who personally made credit or debit card payments at the front desk, the receipts included the person’s name, the amount charged, name of the practice, and the card number’s last four digits. Receipts for payments made by people making use of a debit card or credit card by mail or via the telephone contained that person’s name, practice name, amount charged, credit/debit card number, CVV code, expiry date, and signature.

The District Attorney stated that there were two envelopes and receipts retrieved and the perpetrators had been detained. Sierra Nevada Primary Care Physicians has provided the impacted people with one-year free credit monitoring services though it is convinced that misuse of data is unlikely. The provider already took steps to enhance security, such as holding receipts in a locked room that is accessible to only two people and blacking out the credit card information on all receipts.

University of Maryland, Baltimore Affected by Cyberattack on Accellion

University of Maryland, Baltimore has reported the breach of 30,468 persons’ PHI in the December 2020 cyberattack on its Accellion File Transfer Appliance (FTA).

Hackers acquired access to its system, exfiltrated information, and asked for a ransom payment in exchange for the secure return of the stolen information. A part of that data was eventually posted on the hacker’s data leak website.

The University of Maryland stated that students and faculty staff used the system, which was carefully supervised. Patches to resolve security concerns had been promptly utilized; nevertheless, in this case, the attackers exploited a vulnerability, for which no patch is made available yet by Accellion.

A plan was actually created to change the system with a more recent, safer system before finding out about the system breach. The plan was carried out in February 2021 and the legacy Accellion FTA appliance had been changed. The affected individuals got free credit monitoring services.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at