Data Breaches at ZocDoc and Cincinnati Parenting Center

ZocDoc based in New York, which provides a platform that allows potential patients to schedule meetings with doctors and dentists, has found an issue in its software program that permitted patient information to be seen by medical and dental practices when access must have been restricted.

The investigation uncovered programming issues that had happened from August 2020 up to the time the problems were found and resolved, selected past and current practice employees could access the provider portal, even when their accounts ought to have been either decommissioned, removed, or been limited. In all instances, the people who might have accessed patient records wrongly were healthcare providers and are for that reason sure to keep the privacy and security of patient information. ZocDoc stated there is no proof that suggests there have been any other disclosures of patient records.

Patient information possibly accessed included names, email addresses, phone numbers, consultation histories with the practice, insurance details, Social Security numbers, and medical data given by patients connected with appointments reserved via the service.

ZocDoc mentioned it completed an audit of its program and code and the programming mistakes were fixed. Security measures have now been improved, regular security assessments will still be done, and steps have been done to improve those reviews.

ZocDoc explained roughly 7,600 persons throughout the United States were affected. As a safety measure against identity theft and fraud, impacted persons have been provided a free membership to the Experian IdentityWorks identity theft protection service for 12 months.

Cincinnati Parenting Center Reports Email Account Breaches

Beech Acres Parenting Center based in Cincinnati found out that an unauthorized person had accessed email accounts that contain client data. A digital forensics company assisted with the investigation to know the nature and full magnitude of the breach. The investigation revealed that an unauthorized individual accessed the email accounts between December 29, 2020 and March 18, 2021.

An analysis of the emails and file attachments in the affected accounts showed they included sensitive client details such as names, dates of birth, dates of service, client account numbers, provider names, treatment, and clinical data and, for a subgroup of people, health insurance data, Social Security numbers, and/or driver’s license numbers.

When the breach was discovered, all email accounts were made secure. Devices and systems are being evaluated and steps will be undertaken to enhance security. The employees will additionally be re-educated on identifying and eliminating suspicious emails.

As soon as the review has finished, affected persons will receive breach notifications via mail. People who had their Social Security or driver’s license number potentially breached will be given complimentary credit checking and identity protection services.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA