Data Breaches at Texas ENT Specialists and Virginia Department of Behavioral Health and Developmental Services

Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) recently suffered a cyberattack that was discovered on October 19, 2021.

The moment the attack was identified, immediate action was done to avoid further access to the system by unauthorized individuals. A third-party cybersecurity agency was hired to investigate and find out the nature and magnitude of the attack. The forensic investigation confirmed that the attackers first acquired access to its systems on August 9, 2021, and since then up to August 15, they copied and exfiltrated files from its network.

An evaluation of those files affirmed they consist of the protected health information (PHI) of 535,489 patients, including names, dates of birth, procedure codes, and medical record numbers. A subset of patients additionally had their Social Security numbers exposed; nonetheless, its electronic medical record system was not impacted.

Texas ENT Specialists mailed breach notification letters to affected people on December 10, 2021. Patients whose Social Security numbers were stolen were provided complimentary Experian’s identity theft monitoring service.

Texas ENT Specialists stated that it has toughened its privacy and information security program and has enforced extra technical security measures to better safeguard and keep track of its systems.

Virginia Department of Behavioral Health and Developmental Services Encounters Second Funding Portal Breach

The Virginia Department of Behavioral Health and Developmental Services (DBHDS) is sending notifications to 4,037 persons who sent applications for Individual and Family Support Program (IFSP) funding that some of their protected health information could have been impermissibly disclosed. The breach impacted its IFSP Funding Portal and happened on October 7, 2021. The breach was noticed in minutes and the website was quickly taken offline to avert further unauthorized data access.

In 2019, DBHDS encountered a breach of its IFSP funding site that compromised the information of 1,442 people. In the next 17 months, the internal team and the Virginia Information Technology Agency (VITA) looked into the attack and attempted to reproduce and resolve the issue. Comprehensive testing of the Portal was done, and it was established the Portal was clear to operate once again. The most recent breach seems to be the same as the 2019 incident and may likewise have permitted the viewing of data by other applicants.

DBHDS stated it will not try to repair the Portal once more, and a substitute solution can be discovered for upcoming IFSP application processes. People whose application information was exposed can sign up for no-cost credit monitoring services for 2 years.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA