Service Access & Management Investigating Cyberattack
Service Access & Management, Inc (SAM)., a Reading, PA-based case management service provider for youth and families in Pennsylvania and New Jersey, has warned clients that some of their protected health information may have been compromised in a July 2024 cyberattack.
Unauthorized system activity was identified on July 5, 2024, and incident response protocols were initiated. Assisted by independent computer forensics specialists, SAC determined that there had been unauthorized access to its systems. On July 29, 2024, it was confirmed that personal and protected health information had been exposed.
The substitute breach notice on the SAM website does not currently state what types of information were exposed. SAM is working on identifying the individuals affected and the exact types of information exposed and will issue notifications when that process has been completed. SAM has confirmed that complimentary credit monitoring and identity theft protection services will be offered to individuals whose Social Security numbers were exposed. To meet breach reporting requirements, the incident has been reported to the HHS’ Office for Civil Rights with an interim total of 501 affected individuals. The total will be updated when the investigation and file review have concluded.
Dr. Daniel J. Leeman
Dr. Daniel J. Leeman, an Austin, TX-based physician and ENT specialist, has recently reported a data breach to the Texas Attorney General that has affected up to 20,000 Texas patients. An unauthorized third party gained access to the protected health information of patients including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, health insurance information, and medical information. It is unclear when the breach occurred or when it was detected. Notification letters were mailed on September 4, 2024, to all potentially affected individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Baptist Health Medical Center Drew County
Baptist Health Medical Center-Drew County in Monticello, AR, has notified 5,207 patients about a security breach detected on July 8, 2024. Assisted by third-party cybersecurity experts, Baptist Health confirmed that an unauthorized third party accessed parts of its IT network between April 22, 2024, and July 8, 2024, and may have acquired files containing patient information.
The patient information exposed in the incident included names, addresses, dates of birth, diagnoses, treatment information, medical record numbers, dates of treatment, and provider names. Drew County employees and their dependents had their names, Social Security numbers, driver’s license numbers, bank account information, and health insurance information exposed. Due to the nature of the data compromised in the incident, credit monitoring services have not been offered. The affected individuals were notified between August 30, 2024, and September 30, 2024, and advised to monitor statements from healthcare providers and health insurance plans and report any listed services that have not been received to their healthcare provider/health plan immediately.
