PHI Exposed in Data Breaches at Five Health Care Companies

563,000 Patients and Health Plan Members Affected by Hacking and IT Incidents

Consulting company Health Care Management Solutions LLC based in West Virginia, which provides healthcare for vulnerable individuals including veterans, has just submitted a data breach report to the HHS’ Office for Civil Rights indicating that up to 500,000 persons were affected.

There is little information presently known concerning the data breach since the company has not openly announced the breach yet. A substitute breach notice is not yet posted on the company webpage. Based on the OCR breach summary, this was a hacking incident on its network server(s). The magnitude of compromised protected health information (PHI) is still unknown. Notifications were given on November 14, 2022

Stanley Street Treatment and Resources Reports Data Breach in October 2021

The addiction and treatment center, Stanley Street Treatment and Resources, Inc. (STAR) based in Fall River, MA, lately reported a data breach that happened last October 2021. Based on the STAR substitute breach notice, STAR detected the breach in September 2022. An unauthorized person acquired access to its system and extracted files that contain the PHI of 45,785 patients. The types of data included in the files were names, government ID numbers, Social Security numbers, financial account details, birth dates, dates of service, medical insurance data, and medical data.

During the issuance of notification letters, STAR stated it did not receive any report of misuse of patient data. STAR mentioned it periodically assesses and changes its practices to protect the privacy and security of patient data and will keep on doing it moving forward.

California Health Insurance Agency Data Breach Impacted 14,600 Patients

The health insurance company, CCA Health California, has reported the potential compromise of the PHI of 14,631 Vitality Health Plan of California members. CCA Health California just bought the Vitality Health Plan of California at the beginning of this year.

CCA Health California found out about the data breach in September 2022. Unauthorized persons had obtained access to systems that contain files with PHI and deleted a number of those files from May to September 2022. It wasn’t possible to know which particular files were viewed or downloaded, however, an evaluation of all files that may possibly have been copied showed they included these types of data: names, birth dates, Social Security numbers, passport numbers, diagnosis, and treatment data, demographic details, medical record numbers, medical insurance data, provider names, laboratory results, and prescription details.

CCA Health California stated security measures were improved to avoid identical breaches down the road and tracking functions were improved.

Health Plan Member Data Potentially Exposed Due to Ransomware Attack on Innovative Service Technology Management Services

Outsourcing company, Innovative Service Technology Management Services based in Georgia, has encountered a ransomware attack. The attacker acquired access to its network and possibly extracted files on June 3, 2022. The PHI of health plan members may have been included in the accessed or copied files. The comprehensive analysis of the files was finished on October 17, 2022, and affirmed the inclusion of the PHI of 2,654 persons. Information such as names, financial account data, and other personal details were included. In view of the breach, the company performed a global password reset and updated all critical programs. Impacted persons were provided free identity theft protection service membership via Experian IdentityWorks.

About Christine Garcia 1312 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at