PHI Compromised in Breaches at CorrectHealth, Peter Brasseler, and UF Health Shands

CorrectHealth Notifies 54,000 Patients About the Email System Breach in November 2021

CorrectHealth based in Alpharetta, GA is sending notifications to patients regarding a breach of its email accounts. The security breach was identified on November 10, 2021. The investigation confirmed that an unauthorized individual accessed several employee email accounts. Legal counsel for CorrectHealth said the third-party forensic investigation of the data incident ended on January 28, 2022. It was confirmed that the breached email accounts of the patients contained protected health information (PHI).

An extensive review of the affected accounts was performed between March 2022 and July 2022 to determine the specific information that was impacted. The data that was exposed in the breach were: names, Social Security numbers, and addresses. CorrectHealth mentioned it did not know of any misuse of patient records.

CorrectHealth sent breach notification letters on August 25, 2022 and offered complimentary credit monitoring and identity theft protection services to the affected individuals. Because of the breach, CorrectHealth has put in place more safeguards, including deploying a sophisticated phishing service, adding disclaimers on all emails received externally, employing multi-factor authentication for administrative staff, and just one sign-on solution for clinical employees. CorrectHealth is additionally performing weekly data safety and simulated phishing training every month.

The company reported the breach to the Maine attorney general as affecting 54,066 people.

Brasseler Patients Affected by Ransomware Attack

Peter Brasseler Holdings, LLC located in Savannah, GA just confirmed that it suffered a ransomware attack. It discovered the attack on June 24, 2022 and launched an investigation. It was affirmed that the files included the protected health information (PHI) of individuals saved on sections of the impacted systems and were viewed or obtained in the incident. The breach also affected Brasseler U.S.A. Dental, LLC and Brasseler U.S.A. Medical, LLC., its subsidiaries.

The breach investigation is ongoing, however, it was affirmed that the following types of information were possibly compromised: names, identification numbers issued by the government for instance driver’s license numbers, passport numbers, and Social Security numbers; financial account data, like debit and credit card numbers; medical and insurance details; and other data, such as dates of birth.

The breach report was submitted to the Maine attorney general indicating that 3,353 persons were impacted. Brasseler offered the affected people a free 24-month membership to Experian’s IdentityWorks credit tracking and identity theft protection assistance.

Email Accounts Compromised at Gifted Healthcare

Gifted Healthcare based in Metairie, LA has announced a data breach that affected the protected health information (PHI) of its patients. Although the incident showed up to be restricted to one email account, the investigation showed the compromise of three email accounts from August 25, 2021 to December 10, 2021. Gifted Healthcare didn’t mention when it discovered the breach, however, the analysis of the impacted email accounts was finished on July 25, 2022. The company sent notification letters to impacted persons on August 25, 2022.

The information exposed in the breach were the following: names, addresses, Social Security numbers, driver’s license numbers, financial data, medical insurance details, and medical data. Gifted Healthcare reported the breach to the Maine attorney general indicating that 13,770 persons were affected.

Email Accounts Compromised at Gifted Healthcare

Gifted Healthcare based in Metairie, LA has announced a data breach that affected the protected health information (PHI) of its patients. Although the incident showed up to be restricted to one email account, the investigation showed the compromise of three email accounts from August 25, 2021 to December 10, 2021. Gifted Healthcare didn’t mention when it discovered the breach, however, the analysis of the impacted email accounts was finished on July 25, 2022. The company sent notification letters to impacted persons on August 25, 2022.

The information exposed in the breach were the following: names, addresses, Social Security numbers, driver’s license numbers, financial data, medical insurance details, and medical data. Gifted Healthcare reported the breach to the Maine attorney general indicating that 13,770 persons were affected.

UF Health Shands Staff Snooped on Data of More or Less 1,000 Patients

UF Health Shands has lately reported that an ex-employee viewed the information of 941 patients with no authorization from April 27, 2021, to July 21, 2022. Upon discovery of the unauthorized access, the employee’s access to patient data was terminated awaiting a complete investigation, which affirmed that the employee had seen patient data like names, addresses, telephone numbers, diagnoses and ailments, and some medical insurance details.

UF Health Shands stated the person is not working with UF Health Shands anymore.

About Christine Garcia 1295 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA