462,000 Hawai’i Residents Affected by Data Breach at Navvis & Company
Approximately 462,000 individuals who enrolled in health plans through the Hawaii Medical Service Association (HMSA) have been affected by a data breach at the St. Louis, MO-based business services provider Navvis & Company. Navvis & Company detected unauthorized activity within its systems on July 25, 2023, and the forensic investigation confirmed that an unauthorized third party had access to its systems between July 12, 2023, and July 25, 2023, and exfiltrated sensitive information.
Navvis & Company mailed notification letters to the affected health plan enrollees last month. The information exposed in the incident included names, dates of birth, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider and doctor information, and health record information. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Navvis & Company reported the breach to OCR as affecting 917 individuals, with the affected clients mostly choosing to report the breach themselves. As such the total number of individuals affected is not known. Other affected clients included SSM Health.
Atlanta Women’s Health Group Notifies 34,000 Patients About April 2023 Cyberattack
Atlanta Women’s Health Group has notified 33,839 current and former patients that their protected health information was stolen in a cyberattack that was detected on April 12, 2023. Third-party cybersecurity experts were engaged to investigate the extent of the breach and an extensive data mining exercise was conducted to determine the individuals affected and the types of data involved.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Atlanta Women’s Health Group said for the majority of patients, the exposed data was limited to names, dates of birth, patient ID numbers, and other information that may be contained in medical records. It was not possible to tell which specific types of information were accessed or acquired. The review was time-intensive, hence the delay in issuing notification letters. Following the attack, Atlanta Women’s Health Group worked with outside security consultants to implement additional cybersecurity measures to prevent further attacks. While data theft occurred, Atlanta Women’s Health Group said it is unaware of any misuse of patient data.
Coastal Hospice & Palliative Care Confirmed PHI Exposure in July Cyberattack
Coastal Hospice & Palliative Care in Salisbury, MD, has confirmed that the protected health information of 29,100 individuals was potentially compromised in a July 2023 cyberattack. The attack was detected on July 24, 2023, when its network was disrupted. Cybersecurity experts were engaged to investigate the incident and assist with the recovery process.
The review of the files on the affected part of the network was completed on November 20, 2023, and confirmed that the following information had been exposed and was potentially obtained by the attackers: name, Social Security number, date of birth, medical diagnosis information, individual health insurance policy number, physician or medical facility information, medical condition or treatment information and patient account number. Coastal Hospice & Palliative Care said the incident was reported to the Federal Bureau of Investigation and steps have been taken to improve security to prevent similar incidents in the future.
