Data Breaches at VisionWeb Holdings and Eventus WholeHealth

October 20, 2022 Christine Garcia HIPAA News

VisionWeb Holdings based in Austin, TX, a company providing the eye care industry with Internet-delivered software solutions for enhancing practice efficiency, lately submitted a data breach report to the HHS’ Office for Civil Rights indicating that up to 35,900 individuals were affected.

Based on the breach report submitted to the HHS on October 3, 2022, unauthorized persons accessed its email account that stored patient data. The breach report was likewise submitted to the Texas Attorney General. The report states the potential compromise of names, government-issued ID numbers, Social Security numbers, medical data, and medical insurance details. On October 3, 2022, VisionWeb sent individual notifications to impacted persons, together with details on how to safeguard against identity theft and fraud.

Email Account Breach at Eventus WholeHealth

Eventus WholeHealth based in Durham, NC just confirmed that an unauthorized individual accessed an employee’s email account. The company detected suspicious email account activity on June 1, 2022, and quickly took action to protect the account. The breach investigation confirmed on August 17, 2022 the unauthorized access to the account by a third party who might have viewed or extracted sensitive patient information. However, there was no particular proof found about the unauthorized access or theft of data.

Eventus stated that the breach was limited to just one email account and mentioned that the account uses multifactor authentication. However, its MFA failed to block unauthorized access. The company is sending breach notifications to the impacted persons. They will be given additional information regarding the exact types of data that were exposed. The breach notification submitted to the Montana Attorney General did not detail the types of data exposed. Impacted persons are provided with free credit monitoring and identity theft protection services.

The breach is not yet posted on the HHS’ Office for Civil Rights web portal, hence, the number of affected individuals is not yet certain.

About Christine Garcia 1175 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA
Twitter