Data Breaches at Upstate Homecare, Sarasota MRI, and Consociate Health

Upstate Homecare, Consociate Health and Sarasota MRI, and have lately informed regulators and patients concerning security incidents relating to their personal data and protected health information (PHI).

Upstate Homecare Informs 5,100 Patients Concerning Ransomware Attack
The home healthcare company based in Albany, NY, Upstate Healthcare, has informed 5,114 patients regarding a recent ransomware attack by which patient information was compromised.

The breach notification letters failed to mention exactly when the attack happened; nonetheless, a third-party cybersecurity company conducted an investigation and confirmed on November 4, 2021 the theft of patient data and the publishing of the data to a data leak site on the darknet.

The stolen information included full names, email and physical addresses, birth dates, phone numbers, Social Security numbers, driver’s license numbers, bank account details, treatment information, patient ID numbers, doctors’ names, and Medicare/Medicaid numbers.

Subsequent to the attack, Upstate Healthcare carried out a detailed assessment of its security activities and has enforced supplemental safety measures to better safeguard its systems and data against potential attacks. Impacted people were alerted on November 24, 2021, and received offers for complimentary membership to identity theft monitoring and restoration services.

Consociate Health Uncovers Breach at Employee Benefits Plan Administrator

Consociate Health, a firm offering worker benefits programs and plan administration services, has lately concluded a 10-month inquiry into an information breach affecting the PHI of 982 people. The investigation showed the breach merely affected the PHI of persons from January 1, 2014, to December 31, 2015.

The types of information compromised are names, addresses, birth dates, diagnosis codes, health record numbers, medical insurance details, medical record data, and Social Security numbers.

There was no proof identified that reveal the improper use of any PHI has nevertheless, as a preventative measure, impacted people got one-year free access to identity theft monitoring services.

Sarasota MRI Alerts Patients Regarding Probable PHI Breach

Sarasota MRI located in Florida has commenced informing a number of patients concerning the probable compromise of their protected health information. At the end of July 2020, a third-party, unaffiliated cybersecurity agency got in touch with Sarasota MRI to alert it of the misconfiguration of its servers, which made allowed the access of data on the server.

It was verified that the involved server was not being used and information was moved to some other server. Additionally, an assessment of the server revealed no evidence that indicates access by unauthorized persons, aside from the security organization that noticed the wrong configuration.

Nevertheless, considering that it wasn’t possible to eliminate the compromise of persons’ names, dates of birth, health data, and medical pictures, impacted persons are currently being advised. As per the breach notification letter submitted to the Vermont attorney general on November 12, 2021, Sarasota moved swiftly to fix the issue and carried out an investigation into a probable breach and did something to secure its systems.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at