Newman Regional Health and Contra Costa County Report Email Account Breaches

Newman Regional Health (NRH), which manages a 25-bed critical access hospital located in Emporia, KS, has lately begun informing 52,224 individuals that unauthorized persons have acquired access to selected employee email accounts containing protected health information (PHI).

NRH mentioned on its website that unauthorized individuals accessed some employee email accounts in a span of 10 months in 2021 from January 26, 2021 to November 23, 2021. Upon discovery of the security breach, immediate action was undertaken to protect the accounts. NRH launched an investigation to find out the scope and nature of the incident.

NRH mentioned an audit of the email messages in the breached accounts confirmed on March 14, 2022 the exposure of the following types of patient data: Names, birth dates, medical record/ID numbers, e-mail addresses, addresses, telephone numbers, and some heath, treatment or insurance data. Some employees’ data obtained is associated with a person’s receipt of services from or work with NRH. Some of them likewise had their financial data or Social Security number compromised.

The types of data compromised differed from person to person, and no proof of fraudulent activity resulting from the breach was found during that time of sending notification letters. NRH stated it has enforced extra procedures to strengthen security.

Contra Costa County Reports Email Account Security Breach

Contra Costa County based in California has reported unauthorized access to employee email accounts and the compromise of sensitive personal data. As per the forensic investigation into the breach, unauthorized persons accessed employee email accounts from June 24, 2021 to Aug. 12, 2021.

Based on the substitute breach notice posted on the website of Contra Costa County, the email accounts stored data of employees and people who had earlier gotten in touch with the County’s Employment and Human Services Department. The exposed information included names, driver’s license numbers, Social Security numbers, state-issued I.D. numbers, passport numbers, financial account numbers, medical data, and/or medical insurance details.

Although unauthorized email account access was established, it wasn’t possible to ascertain whether any emails or file attachments contained in the accounts were viewed or copied. The date when the breach was discovered is uncertain; nevertheless, Contra Costa County stated the breach investigation ended on March 11, 2022. Notification letters had been mailed to impacted persons on April 15, 2022. Free credit monitoring services were provided to qualified persons.

The breach is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is still unknown how many people were impacted.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA