Avem Health Partners based in Oklahoma City provides healthcare companies with administrative and technology services. It recently began informing its healthcare clients regarding a data breach that happened at 365 Data Centers, its vendor.
365 Data Centers informed Avem Health Partners on September 9, 2022 that an unauthorized third party accessed its servers. The data breach was discovered on May 16, 2022, and the investigation confirmed the potential unauthorized access to information saved on those servers before May 14, 2022. Avem Health Partners stated in the substitute breach notice posted on its website when the breach of its vendor’s servers first occurred.
An analysis of the records on the breached servers affirmed the exposure of protected health information (PHI) including patient names, birth dates, driver’s license numbers, Social Security numbers, medical insurance data, and diagnosis and treatment details. Avem Health Partners is sending breach notification letters to impacted persons on behalf of its vendor and offering free identity theft protection and credit monitoring services to persons whose driver’s license numbers or Social Security numbers were compromised. Avem Health Partners stated it is re-assessing its vendor associations and the security steps that its vendors have enforced.
The incident is not yet posted on the HHS’ Office for Civil Rights breach website, however, the Texas Attorney General’s website shows that 73,134 persons were impacted.
Emory Healthcare Announces Insider Data Breach
Emory Healthcare based in Atlanta, GA recently reported that an ex-employee got access to the information of roughly 1,600 patients with no authorization. The U.S. Department of Labor (DOL) notified Emory Healthcare concerning the privacy breach on August 24, 2022. A quick investigation was carried out by checking the access logs. It was confirmed that the employee accessed the patient records from December 2020 to December 2021 without any valid work reason. In just one year, the employee accessed the records of about 1,600 patients.
As per the DOL, the ex-Emory Healthcare worker disclosed the demographic details of a few hundred Emory Healthcare patients to persons who were engaged in unemployment benefits scams. The DOL and the U.S. Department of Justice (DOJ) have accused eight persons in connection with the fraud, which includes the ex-Emory Healthcare worker. Emory Healthcare stated it cooperated completely with authorities throughout the investigation, detention, and prosecution of those persons. The healthcare provider is now sending notification letters to all impacted persons, who were given free identity theft protection and credit monitoring services.
The stolen information included names, birth dates, and Social Security numbers. No medical data, insurance information, or financial data were stolen. Emory Healthcare stated it has strengthened the privacy and security training of its patient care groups and is implementing recommended technology protocols to secure patient information and identify unauthorized access.