Data Breach Reported by Acorda Therapeutics, TridentCare, and Avamere Health Services

Acorda Therapeutics Reports Email Account Breach

The biotechnology firm Acorda Therapeutics based in Ardsley, NY reported that an unauthorized third party acquired access to its email system and possibly viewed email messages and file attachments that contain patient information. It discovered the email account breach in January 2022. The forensic experts stated that a number of email accounts were compromised on or approximately December 15, 2021.

The assessment of the impacted email accounts was finished on April 27, 2022 Afterward, Acorda Therapeutics confirmed the contact details of impacted patients, and sent breach notification letters to impacted persons in May and June 2022. Names were potentially accessed along with at least one of these types of data: birth date, diagnosis data, medical record number, treatment details, clinical details, prescription data, Social Security number, financial account details, insurance service provider, and/or treatment cost data.

Acorda Therapeutics mentioned that it had taken steps to enhance email security to avoid the same breaches later on. The breach is not yet posted on the HHS’ Office for Civil Rights portal, hence it is uncertain how many persons were impacted.

PHI of 6,200 TridentCare Patients Possibly Viewed in Break-in

The mobile clinical services provider TridentCare based in Maryland reported on June 16, 2022 that unauthorized individuals potentially accessed the personal data and protected health information (PHI) of clients and guarantors during a break-in at its establishments. The information was saved on hard drives in the facility. Third-party cybersecurity professionals helped to determine if patient information was viewed and came to the conclusion that there was a considerable chance that information on the hard drives could have been corrupted, making the information unreadable. In case that hadn’t occurred, to be able to read the files, people need to possess some technical capabilities.

An analysis of the hard drives affirmed they included the PHI of 6,200 people. For many people, the information on the hard drives contained names and birth dates, and for a number of people, name, birth date, and Social Security number. It is believed that other sensitive data, for instance, financial data or details associated with medical tests were not compromised.

Avamere Health Services Announces PHI Theft in Hacking Incident

Avamere Health Services based in Wilsonville, OR found out that an unauthorized third party had irregularly accessed its system from January 19, 2022 to March 17, 2022. The forensic investigators affirmed on May 18, 2022, that a number of files and folders were duplicated from its systems in that period of time, and several of those files included the PHI of patients.

Avamere Health Services hasn’t announced to the public the types of data exposed in the breach, and that fact was obscured from the breach notification sent to the Vermont Attorney General. According to Avamere Health Services, affected persons have already received notifications by mail and told about the types of data exposed. Free credit monitoring and identity theft protection and resolution services were provided.

The breach is not yet posted on the HHS’ Office for Civil Rights web portal, thus it is unsure how many persons were impacted.

 

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA