Data Breaches Reported by Suncoast Skin Solutions, South City Hospital, Raveco Medical, and the Colorado DHS

Suncoast Skin Solutions, a network composed of 22 surgical, medical, and cosmetic dermatological care clinics based in Florida, recently began sending notifications to 57,730 patients regarding a ransomware attack it discovered on July 14, 2021.

Suncoast mentioned upon detection of the cyberattack, it took prompt action to avoid the encryption of its entire systems and engaged a third-party cybersecurity firm to perform a forensic investigation to find out the nature and magnitude of the cyberattack.

On October 14, 2021, the cybersecurity company ended its investigation and Suncoast performed an initial evaluation of its systems to find out if they comprised any patient files. That process was accomplished on November 8, 2021, and a third-party vendor was employed to evaluate all affected files to know the specific individuals whose information was potentially breached.

Suncoast has already affirmed that the following types of data were possibly viewed by the attackers: names, dates of birth, clinical data, doctor’s notes, and other limited treatment details. Suncoast stated it did not know of any attempted or actual misuse of patient information due to the security breach. Steps were done to avert similar breaches later on, which include relocating all patient files to an encrypted system. No cost credit monitoring services were given to a number of impacted people.

South City Hospital Reports Theft of Backup Server That Contains PHI of 21,601 People

South City Hospital located in St. Louis, MO, earlier known as St. Alexius Hospital, encountered a break-in on November 13th or 14th and robbers took a backup imaging server from one practice location.

An analysis of the server proved it held protected health information (PHI) of 21,601 persons, such as names, health insurance details, Social Security numbers, radiology imaging, and/or other related medical information.

Due to the break-in, the hospital has put in place extra security measures to avoid further exposures of patient information.

PHI of 4,897 Persons Possibly Compromised in Raveco Medical Hacking Incident

The women’s health clinic Raveco Medical based in New York City has advised 4,897 patients concerning the possible access of some of their PHI by unauthorized persons.

Raveco Medical discovered a security breach on November 22, 2021, and engaged a third-party cybersecurity agency to investigate the breach. The investigation established the copying of files in its systems that included first and last names of patients, dates of birth, medicines, diagnoses, Social Security numbers, and/or payment card details.

Raveco Medical mentioned it is trying to enhance data security to avert more hacking incidents. Affected people were given complimentary membership to credit monitoring and identity theft resolution services from IDX.

Cyberattack on Business Associate Impacts Colorado Department of Human Services

The Colorado Department of Human Services (CDHS) has informed 6,132 people concerning the potential compromise of some of their PHI in a cyberattack on its vendor, Sound Generations.

Sound Generations based in Seattle, WA provides services for adults having disabilities, and CDHS contracts with Sound Generations to keep data for its evidence-based fall prevention program known as A Matter of Balance. Sound Generations looked into the breach and although there is no evidence of data misuse identified, it was not possible to eliminate unauthorized information access.

The types of data possibly exposed consist of names, phone numbers, addresses, email addresses, birth dates, and if clients have medical insurance.

About Christine Garcia 1289 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA