Data Breaches at Colorado Retina Associates and Walmart

On January 12, 2021, Colorado Retina Associates in Denver found out that an unauthorized person accessed the email account of one employee and utilized it to send out phishing emails to contacts listed in the employee’s email account. The company immediately secured the email account and had a cybersecurity company investigate the breach to find out the scope of the breach.

That investigation ended on February 24, 2021 and confirmed that other email accounts were also compromised. Two email accounts held some patients’ protected health information (PHI). The nature of the phishing attack suggested that from January 6, 2021 to January 17, 2021, synching might have taken place. So the information contained in the email accounts might have been replicated in the attacker’s gadget.

A thorough evaluation of the email accounts was done which showed that there was 26,609 individuals’ PHI contained in the email accounts. The types of PHI differed from person to person and might have included full names, birth dates, home addresses, email addresses, telephone numbers, dates of service, diagnoses and medical conditions, laboratory and diagnostic tests, prescription drugs, other treatment or procedure details, and a number of medical insurance, claims, billing, and payment details.

Less than 3% of impacted people had their Social Security compromised, and less than 0.2% of people had their financial account, payment card details, or driver’s license exposed.

Colorado Retina Associates performed a password reset in the whole email system and made changes to the way authorized people access their email accounts. The entire workforce also went through security awareness training.

Impacted people have now been informed and were provided one-year of identity theft protection services.

Walmart Finds out the Potential Compromise of PHI of 2,067 Customers

On February 16, 2021, one supplier of Walmart sent a notification about a security incident that might have impacted the PHI of Walmart clients.

The supplier employed a data hosting service that was breached on January 20, 2021. The attackers took the records associated with 2,067 Walmart pharmacy clients which contained data like names, birth dates, addresses, phone numbers, medication details, prescription numbers, prescriber details, prescription dates, and a very few medical insurance subscriber ID numbers.

The supplier stated it quickly stopped utilizing the data hosting service upon knowing about the breach. Walmart stated it is looking at the security procedures of its supplier and will be keeping track of the situation associated with the data security incident.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at