36,000 Members Affected by Central California Alliance for Health Email Breach

The Central California Alliance for Health has discovered an unauthorized individual gained access to the email accounts of several employees and potentially viewed or copied information in emails and email attachments. The breach was detected on May 7, 2020 and prompt action was taken to secure the affected accounts. In each case, the accounts were accessed for a period of about one hour.

A review of the compromised accounts revealed they contained a limited amount of protected health information of Central California Alliance for Health members such as Alliance Care management program records, dates of birth, claims information, demographic information, Medi-Cal ID numbers, referral information, and medical information. No financial information or Social Security numbers were compromised.

Following the breach, a full password reset was performed for all email accounts, including those that were not compromised. Further training on email security has also been provided to employees.

The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting 35,883 members.

Hutton & Hale, D.D.S., Inc. Hack Impacts 8,394 Patients

Dr. Ann Hale of Hutton & Hale, D.D.S., Inc. has started notifying 8,394 patients that some of their protected health information may have been obtained by a hacker who gained access to the practice’s databases and computer systems on May 25, 2020.

Those systems contained patients’ medical records and protected health information such as names, addresses, contact telephone numbers, Social Security numbers, and X-ray data information.

All affected patients have been offered complimentary membership to identity theft protection and credit monitoring services for 12 months and will be protected by a $1,000,000 identity theft insurance policy. No reports have been received to date to suggest any patient information has been misused.

The practice is adding additional safeguards to its web server infrastructure to prevent further security breaches.

Wisconsin Department of Corrections Breach Impacts 1,853 Individuals

The Wisconsin Department of Corrections has discovered information on individuals in its treatment facilities was exposed on the websites of three vendors contracted to manage canteen orders. The data was discovered by an employee on May 15, 2020. Affected individuals were notified on June 15, 2020.

The exposed information was limited to names along with information about the treatment facility where they are located. That information should have been masked on the websites. The error has now been corrected and the information is no longer accessible via the internet.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.