140,000 SEIU 775 Benefits Group Members’ PHI Potentially Compromised

SEIU 775 Benefits Group in Washington has notified approximately 140,000 of its members that some of their protected health information has been exposed. Around April 4, 2020, SEIU 775 Benefits Group’s IT team detected anomalous activity within the group’s data systems, including the apparent deletion of certain data files.

Third party digital forensics experts were engaged to assist with the investigation and confirmed that systems had been accessed by an unauthorized individual who deleted certain files that contained personally identifiable and protected health information. The forensics experts found no evidence to indicate any protected health information was downloaded or viewed and no reports have been received that suggest there has been any misuse of PHI.

The types of information potentially accessed was limited to names, addresses, and Social Security numbers, with health plan eligibility or enrollment information also potentially compromised. Affected individuals have been offered complimentary credit monitoring and identity theft protection services through Kroll for 12 months.

Woodholme Gastroenterology Associates Breach Impacts 50,000 Patients

Woodholme Gastroenterology Associates in Baltimore, MD has discovered an unauthorized individual gained access to its systems and exfiltrated files that included patients’ protected health information on February 25, 2021.

The security breach was detected on March 1, 2021 and steps were immediately taken to prevent any further unauthorized access. A comprehensive review of the files that were exfiltrated or potentially accessed revealed they contained patients’ names, addresses, email addresses, dates of birth, patient ID numbers, diagnoses and/or treatment information. A limited number of Social Security numbers, driver’s license numbers, and health insurance information was also potentially compromised.

Complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security number or driver’s license number was exposed. The HHS’ Office for Civil Rights breach portal indicates up to 50,000 patients have been affected.

Employee of Vitality Senior Living Charged with Identity Theft

A certified nursing assistant formerly employed by Vitality Senior Living in Arlington, VA has been charged with stealing the identities of 6 residents under her care.

In April, the woman allegedly admitted to the executive director that she had fraudulently cashed a $1,200 check from one of the residents. The woman was terminated and law enforcement was notified. The victim reported the matter to the police and said 6 blank checks had been stolen from his checkbook and two had been cashed. The victim also said several fraudulent charges had been made against his debit card.

The suspect’s name had been written on one of the cashed checks and the other had her brother’s name, who was also employed at Vitality Senior Living but was not charged in relation to the incident. The police found photographs of the victim’s driver’s license and debit cards on the suspect’s phone along with evidence that a further 5 residents had been targeted, three of whom had been defrauded. The police also found evidence that the woman had tried to file fraudulent unemployment claims and tax returns for individuals whose identities could not be verified.

The woman is due to appear in court on May 25, 2021 on more than dozen identity theft charges.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.