7 Month Data Breach Discovered by Communities Connected for Kids

Port St. Lucie, FL-based Communities Connected for Kids (CCK) has discovered an unauthorized individual gained access to databases containing the protected health information of child clients, their parents and staff members.

The breach was identified when suspicious activity was detected in the databases by one of its third-party vendors. An external computer forensics expert was hired to conduct an investigation which revealed access to the databases was first gained in August 2018. The breach was detected in March 2019 and access to the databases was promptly blocked.

During the 7 months that the individual had access to the databases, range of sensitive information was potentially viewed and downloaded.

The information exposed varied from individual to individual, but may have included name, contact information, date of birth, Social Security number, financial information, family information, Medicaid number, medical record number, prescription information, health insurance information, and medical and clinical information such as diagnoses and treatment information.

According to the breach report submitted to the Department of Health and Human Services’ Office for Civil Rights, 501 individuals were impacted by the breach. That figure may rise, as CCK is still conducting a review of the databases to determine the individuals whose information has been exposed. Once all individuals have been identified, notification letters will be sent, and affected individuals will be provided with free identity theft protection services.

CCK has identified the vulnerabilities which were exploited to gain access to the databases and is working hard to address those issues to ensure that security is improved and further breaches are prevented.

New York Health and Human Services Agency Breach Impacts 1,000 Individuals

People Inc., a not-for profit health and human services agency in Western New York which provides services to seniors and individuals with developmental disabilities, has experienced a phishing attack that has impacted approximately 1,000 individuals.

An investigation was launched on February 19, 2019 following the discovery of unauthorized access to its systems. A forensic investigation confirmed that an unauthorized individual had gained access to two employee email accounts after they responded to phishing emails.

Emails and attachments in the compromised accounts were discovered to include protected health information including names, addresses, Social Security numbers, insurance information, driver’s license numbers, government ID numbers, medical information and financial information.  At this stage, no information has been received to suggest any patient information has been misused.

People Inc., is offering affected individuals free credit monitoring services for one year. The HHS will be notified when People Inc., has confirmed the exact number of individuals affected. The FBI has already been notified about the breach.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.