PHI of 10,000 People Exposed Because of Houston Health Department Portal Glitch

The Houston Health Department has recently announced the exposure of personal information and COVID-19 test results of 10,291 people online due to a technical issue with its website. The problem enabled around 3,500 portal users to get access to the data of other persons.

The Houston Health Department mentioned it discovered the issue on January 6, 2022, and the webpage was shut down within 48 hours. Notification letters were deferred for a couple of weeks as the website problem was looked into to know the full nature and magnitude of the incident. The health department affirmed that this was not a hacking incident, and it seems that no exposed data was misused.

The types of information that may have been viewed included names, email addresses, addresses, dates of birth, testing times, and test data. Although no Social Security numbers were exposed, affected people were provided a complimentary membership to an identity theft protection service for one year.

Priority Health Announces Breach of Member Portal Accounts

The Michigan health insurance provider Priority Health has lately reported a breach affecting a number of member portal accounts. Based on a recent breach notice, the security breach was noticed on December 16, 2021. Immediate action was done to stop further unauthorized access, which include placing a hold on all member accounts from December 16 to December 21, as the incident was looked into and the website was secured.

Priority Health stated information in the breached accounts included names, phone numbers,
birth dates, addresses, insurance details, claims data, and limited medical data. Priority Health has been employed third-party security specialists to enhance security and avert other breaches. Multifactor authentication was also added to the portal on January 18, 2022.

It is presently uncertain how many persons were impacted.

Hofmann Arthritis Institute in Utah and Hofmann Arthritis Institute of Nevada

Hofmann Arthritis Institute in Utah and Hofmann Arthritis Institute of Nevada (HAI) have just announced that they encountered a cyberattack on Alta Medical Management and ECL Group (AMM), a vendor which offers accounting and billing services.

The attack happened on or about November 15, 2021, and averted HAI from getting access to some data on AMM systems. The investigation affirmed the attack was only affected AMM systems and HAI systems were not impacted. HAI stated AMM did not give any information on the nature of the cyberattack, however, HAI had determined on December 7, 2021, that the prohibition of access to AMM systems was caused by a cyberattack. HAI stated that the investigation into the breach is ongoing, however to date it was not possible to tell if any patient information was stolen in the cyberattack.

A thorough analysis of all files given to AMM was performed to find out the types of patient data that could have been breached. The analysis was finished on January 27, 2022, and established the following types of information were contained in the files: names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial details, medical records, medical insurance details, and billing data. HAI mentioned it is not aware of any actual or attempted misuse of patient information.

HAI stated it is going over its security policies and procedures associated with vendors and will use further measures to safeguard against more security breaches.

The breach report submitted to the HHS’ Office for Civil Rights indicated that 5,338 individuals were affected.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA