38,000 Individuals Affected by Center for Urban Community Services Cyberattack
Security breaches have been reported by the Center for Urban Community Services in New York, Riverview Health in Indiana, and Smile Design Management in Florida.
The Center for Urban Community Services, New York
The Center for Urban Community Services, a New York social services organization, has notified 38,000 individuals about a network intrusion that occurred between September 4, 2023, and September 9, 2023. The intrusion was detected on September 9, 2023, and an investigation was launched, but data acquisition was not confirmed at the time. Center for Urban Community Services has now confirmed sensitive data was exfiltrated in the incident. The types of information involved varied from individual to individual and may have included names, addresses, telephone numbers, dates of birth, Social Security numbers, benefit identification numbers, health information, and prescription information. The Center for Urban Community Services is unaware of any misuse of the affected information.
Riverview Health, Indiana
Riverview Health in Noblesville, IN has discovered unauthorized access to an employee’s email account. An unidentified third party had access to the account for less than an hour on August 23, 2024, before the intrusion was detected by its security software and access to the account was blocked. The investigation confirmed that a single email account had been compromised after an employee was tricked by a social engineering scam. The window of opportunity for viewing and copying sensitive information in the account was short but it is possible that electronic files in the account may have been compromised. The files were reviewed and confirmed to contain patients’ protected health information such as name, sex, date of birth, medical record number, admission date(s), and medical information such as diagnosis.
Since social security numbers, financial information, bank account numbers, and health insurance information were not compromised, Riverview Health believes the risk of misuse of patient data is low. Riverview Health is reviewing its policies around phishing and social engineering and is evaluating methods and procedures for improving electronic access and controls. Notification letters were mailed to the affected individuals on October 24, 2024. The HHS’ Office for Civil Rights portal indicates that 1,562 individuals were affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Smile Design Management, Florida
Smile Design Management, a Tampa, FL-based operator of 50 dental care facilities in Florida, has discovered unauthorized access to files on its network. The breach was detected on February 22, 2024, when unusual network activity related to a third-party software solution was detected.
Third-party cybersecurity specialists were engaged to investigate the activity and confirmed unauthorized access to its network between February 22, 2024, and February 23, 2024. The review of the affected files was completed on August 15, 2024, and after verifying contact information, notification letters were sent to the affected individuals, who have been offered complimentary credit monitoring and identity theft protection services. The substitute breach notice does not state the types of information compromised in the incident.
Smile Design Management said it has implemented additional technical safeguards to prevent similar breaches in the future. The breach was reported to the HHS’ Office for Civil Rights on October 10, 2024, as involving the protected health information of 500 individuals.
