Data Breaches Reported by NYC Health + Hospitals, Polsinelli PC, Work Health Solutions, and Epic Management

Occupational health services provider, Work Health Solutions based in San Jose, CA, has reported the exposure and potential theft of the protected health information (PHI) of 13,157 persons by unauthorized people who got access to a work email account from February 16, 2-022 to March 24, 2022.

After a third-party cybersecurity company’s investigation, Work Health Solutions confirmed that the email account included files with data of persons who had obtained services from the provider. The manual analysis of those files ended on October 11, 2022. Work Health Solutions then validated contact details and issued notification letters on November 9, 2022.

The compromised files included names, driver’s license numbers, Social Security numbers, medical insurance data, and/or medical details. Free credit monitoring services were provided to those whose Social Security numbers had been potentially exposed. Work Health Solutions stated it continually examines and changes its practices to enhance privacy and security. It also educates its employees concerning privacy issues.

Over 10,500 Individuals Impacted by Epic Management Email Account Breach

The healthcare management firm, Epic Management LLC, recently reported that unauthorized persons acquired access to its digital platform and viewed files and data saved in its email program. Epic Management did not make known the date the breach happened yet stated the evaluation of impacted files was complicated and time-consuming. The evaluation process was finished on December 9, 2022.

The data in the email system contained first and last names, birth dates, medical insurance details, medical data, driver’s licenses, Social Security numbers, passport numbers, biometric information, usernames and passwords and/or financial account numbers and routing numbers, payment card numbers and security codes and/or expiration dates.

Epic Management offered credit monitoring and identity theft protection services to those who had their Social Security numbers exposed. It also updated its cyber environment to avoid the same incidents later on.

NYC Health + Hospitals Notifies Patients Regarding Loss of Device That Contains PHI

NYC Health + Hospitals states a flawed hard drive that held the protected health information (PHI) of 2,174 individuals was found to be lost from a visual field testing device based at its NYC Health + Hospitals/Woodhull center in Brooklyn, NY. Considering that the drive cannot be found it was not possible to say if the information on the device can be accessed, however it was affirmed that the device included patients’ names, birth dates, visual field test data and medical record numbers.

Because of the breach, NYC Health + Hospitals has re-educated workers on its policy for the proper chain of custody for gadgets that contain PHI when those gadgets are removed from service. Additionally, a new policy was enforced that demands PHI be taken from visual testing devices regularly. The training was additionally enhanced to ensure all employees are aware of the need to promptly notify officials about potential breaches of PHI.

Unauthorized System Access Discovered by Missouri Law Company

Law company Polsinelli PC located in Kansas City, MO provides hospitals with corporate legal services. It reported that unauthorized persons viewed files that included patient records on September 9, 2022, from two places. A third-party cybersecurity firm looked into the breach and stated that the breach did not impact its network and main document database; nevertheless, the files that were accessed included minimal patient data, like names, addresses, dates of birth, medical insurance data, patient account numbers, medical record numbers, some clinical details, and Social Security numbers. Patients of St. Luke’s Health Brazosport are identified to have been impacted.

Persons whose Social Security numbers were affected got offers of credit monitoring and identity theft protection services. Nonetheless, the law company thinks that no exposed information will be employed for identity theft or scam. The HHS Office for Civil Rights already received the breach report, which showed that 1,220 individuals were impacted.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at