15K Patients Potentially Affected by Insider Incident at New York Healthcare Provider
More than 15,000 patients of Stram Center for Integrative Medicine have potentially been affected by an insider incident, SSK Plastic Surgery has disclosed a 2024 cyberattack, and The Grove at Valhalla Rehabilitation and Nursing Center has been affected by a security incident at one of its vendors.
Stram Center for Integrative Medicine
Stram Center for Integrative Medicine in New York has notified 15,263 individuals about a security incident involving the misuse of a patient’s payment card information by a former employee. The employee was arrested in connection with the card misuse and Stram Center for Integrative Medicine is cooperating with the law enforcement investigation. Since there is a possibility that the employee’s misuse of the payment card was not an isolated incident, a review was conducted to identify all patients whose data could potentially have been accessed by the former employee during their employment. Stram Center for Integrative Medicine said it is unaware of misuse of any other patient’s information and no Social Security numbers were accessed by the employee. Notification letters have been mailed to the 15,263 individuals whose data could have been accessed out of an abundance of caution to put them on alert that they should carefully monitor their financial accounts and statements.
SSK Plastic Surgery
SSK Plastic Surgery in Newport Beach, California has recently confirmed that it was the victim of an extortion attempt. A threat actor breached its network and obtained patient data, then issued a demand for payment. It is unclear when its network was breached; however, the investigation confirmed on January 13, 2025, that “a limited number of documents” containing patient data such as names, addresses, telephone numbers, email addresses, and limited health information had been stolen. Some images may also have been obtained if they were provided for virtual consultation services and, in a very limited number of cases, Social Security numbers and driver’s license numbers were compromised.
Law enforcement has been notified about the incident and the practice has been working closely with cybersecurity experts to investigate the incident and implement hardened defenses to prevent similar incidents in the future. Individual notification letters have been mailed to the affected individuals and free credit monitoring services have been made available. The incident has been reported to regulators, but it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Grove at Valhalla Rehabilitation and Nursing Center
HHH Acquisition LLC, doing business as The Grove at Valhalla Rehabilitation and Nursing Center, learned on September 19, 2024, that patient data had potentially been compromised in a security incident at one of its third-party vendors. An investigation was launched and The Grove has been working closely with its vendor to determine the nature and scope of the incident. The vendor confirmed that the incident occurred on or around July 20, 2024, and potentially involved information such as names, addresses, medical information, and for some individuals, Social Security numbers. The data of 4,196 individuals was potentially compromised in the incident and individual notifications were mailed to those individuals on January 28, 2025. The Grove said steps have been taken to strengthen security to prevent similar incidents in the future.
