176,200 Ortho Alaska Patients Affected by Data Breach
OrthoAlaska has recently notified the HHS’ Office for Civil Rights (OCR) about a data breach that has affected 176,203 patients. At present, little is known about the data breach other than it being a hacking/IT incident in which patient information was exposed or stolen. There is currently no mention of the data breach on the OrthoAlaska website.
The data exposure could potentially be linked to a data breach at OrthoAlaska in October 2022 that exposed the information of former employees. In that incident, it was determined on March 3, 2023, that employee data was involved, and notifications were issued on April 3, 2023.
This post will be updated when further information is obtained.
Physical Therapy Patients in New York Had PHI Exposed in Cyberattack
Patients of Physio Logic Chiropractic and Physical Therapy, Physio Logic Medicine, and Dr. Patty DiBlasio have had some of their protected health information exposed in a cyberattack. The cyberattack was detected on July 31, 2023, and a comprehensive investigation was launched to determine the nature and scope of the attack. The investigation revealed an unauthorized third party had access to a single server between July 2, 2023, and August 4, 2023. On September 14, 2023, it was determined that protected health information may have been accessed, including names, addresses, dates of birth, driver’s license numbers, state identification numbers, diagnoses, treatment information, health insurance information, and payment card information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Notifications have now been mailed to the 9,580 individuals who were affected. The delay in issuing notifications was due to the time taken to identify and populate address information. Additional technical safeguards are being implemented and policies and procedures are being reviewed and will be updated to improve data security.
Bluegrass Care Navigators: Compromised Email Account
Kentucky-Based Hospice of the Bluegrass, Inc., doing business as Bluegrass Care Navigators, has discovered an unauthorized third party has gained access to the email account of one of its employees. The unauthorized access was detected on July 31, 2023, and after securing the account, third-party digital forensics specialists were engaged to determine the extent of the data breach.
The investigation confirmed that three files were accessed in the attack that contained the protected health information of 6,814 patients. The compromised data was limited to names, birth dates, and addresses. No health information was accessed or stolen in the attack. Notification letters have been mailed to the affected individuals and additional safeguards have been applied to its email system.
Mosaic Mental Health Reports July 2023 Cyberattack
Riverdale Mental Health, doing business as Mosaic Mental Health in New York City, has recently reported a cyberattack that was discovered on July 27, 2023. The forensic investigation confirmed that an unauthorized third party had access to parts of its computer systems that contained patient information.
The information potentially compromised in the attack included names, addresses, dates of birth, social security numbers, diagnosis codes, health plan information, clinical data such as medical records requests, progress notes and evaluations, and procedure codes. While data was exposed, no misuse of patient information has been detected. Mosaic Mental Health said administrator credentials have been changed and further steps are being taken to enhance network security. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 7,281 individuals.
