– Georgia-based EyeSouth Partners recently began notifying 24,113 patients that their protected health information was potentially compromised after an employee email hack.
On October 25, officials discovered an individual gained unauthorized access to an employee email account. Upon discovery, officials secured the account and launched an investigation, which determined access began more than a month earlier on September 11.
EyeSouth worked with a third-party forensics team to analyze the compromised data and found the security incident potentially breached patient names, health insurance carriers, where applicable, and some account balance information.
The provider has since bolstered the effectiveness of the IT safeguards and confirmed the security of its systems.
Malware Attack on Reproductive Medicine and Fertility Associates
A malware attack on Woodbury, Minnesota-based Reproductive Medicine and Infertility Associates has potentially breached patient data.
Officials discovered the cyberattack on December 5 and hired an outside forensics team to remove the malware from the IT systems and assist with the investigation. They were unable to determine how the virus was installed on the network.
The infected systems contained a wide range of patient data, including names, dates of birth, Social Security numbers of donors, addresses, treatment details, and health insurance data. All patients impacted by the breach are being offered a year of free credit monitoring and identity theft monitoring services.
In response to the security incident, the infertility clinic improved its anti-malware security, such as adding another firewall, additional security layers, and data security training for employees.
Chaplaincy Health Care Phishing Attack
Washington-based Chaplaincy Health Care recently reported the potential breach of 1,086 patient records, after a hacker gained access to an employee email account through a phishing attack.
On November 20, officials discovered the unauthorized access, which began on the same day. A third-party forensics team worked with Chaplaincy on the investigation and determined the hacker only had access to the account for four hours.
The compromised emails include a wide range of data, which varied by patient, but could include names, dates of birth, the last four digits of Social Security numbers, medical record numbers, dates of service, prescription information, and addresses. Victims have been offered a year of free credit monitoring and identity theft protection.
Employees will receive additional training around email security, and officials have since added two-factor authentication to accounts to prevent future attacks.
Stonehaven Dental Server Theft
Waco, Texas-based Stonehaven Dental was recently burglarized, and the thieves stole a computer server from the clinic that contained patient data.
While the server was password-protected by two layers of security, the patient data was not encrypted. As a result, if the thieves gained access to the server, they would be able to access patient names, medical records and record numbers, health insurance data, dates of birth, and addresses.
For some patients, this could also mean a breach of their Social Security numbers and or Driver’s license numbers. In total, 6,289 patients were impacted by the theft.
The provider was able to restore data from its cloud storage server. Stonehaven has since bolstered its security, including the encryption of all patient data stored on external devices.