Data Breaches Reported by the Onyx Technologies, New Jersey Department of Health, & San Diego American Indian Health Center

Onyx Technologies based in Largo, MD, a company offering Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), recently informed 96,814 health plan members about the potential compromise of some of their protected health information (PHI).

Onyx found out on June 28, 2022 that unauthorized individuals had accessed its computer systems and may have acquired access to the protected health information of iCare members, which includes names, birth dates, addresses, phone numbers, iCare member ID numbers, Medicare ID Numbers, dates of service, and provider names.

Onyx stated that an analysis of its computer networks was promptly done, and a security company assisted with the investigation. Systems access was restored on July 7, 2022. According to Onyx, a server may have been removed or accessed from March 29, 2022 to June 28, 2022. On July 15, 2022, the security company learned that some information related to individuals might have been viewed.

Onyx mentioned it did not find any evidence that suggests any of the affected data was identified. Affected people were provided complimentary two-year credit monitoring and identity theft protection services.

27,367 Patients Impacted by San Diego American Indian Health Center Breach

San Diego American Indian Health Center has advised 27,367 current and former patients that unauthorized persons obtained access to areas of its network and exfiltrated files containing some of their PHI.

The health center detected the security breach on May 5, 2022, and took immediate steps to protect the system and avoid further unauthorized access. The investigation by a digital forensics company confirmed on July 22, 2022 the exposure of patient information, including names, driver’s license numbers, state identification card numbers, tribal ID card numbers, medical details, health insurance data, dates of birth, and Social Security numbers.

San Diego American Indian Health Center mentioned it is unaware of any attempted or actual misuse of patient data. Affected people have been given free credit monitoring and identity protection services and action had been done to enhance security to stop more data breaches.

New Jersey Department of Health Notifies Patients Regarding Vendor Data Breach

The New Jersey Department of Health, Division of Behavioral Health Services just announced the theft of the PHI of some patients of Anne Klein Forensic Center and Trenton Psychiatric Hospital during a security incident that happened at a vendor providing the hospitals with medical translation and dictation services.

Unauthorized persons acquired access to sections of the vendor’s systems and extracted files that included the protected health information of patients. The vendor informed the NJ Department of Health regarding the information breach last June 30, 2022. It is unclear at this time which vendor was impacted, the types of data compromised, and the number of people affected by the data breach. The impacted hospitals will alert the patients directly in case they are affected.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA