Health & Palliative Services of the Treasure Coast & Universal Health Corporation Suffer Email Breaches
Health & Palliative Services of the Treasure Coast in Florida and Universal Health Corporation in Virginia have discovered unauthorized access to their email systems and the exposure of patients’ protected health information.
Health & Palliative Services of the Treasure Coast
Health & Palliative Services of the Treasure Coast, a Florida-based provider of end-of-life care, has recently confirmed that 22,459 individuals had some of their personal and protected health information compromised in an email security incident.
Suspicious activity was identified in an employee’s email account on February 27, 2024. A third-party cybersecurity firm was engaged to conduct an investigation and confirmed on April 15, 2024, that there had been unauthorized access to a single email account. The data mining process to identify the individuals affected and the types of data involved was completed on July 17, 2024; however, virtually none of the affected individuals had addresses on file. The final list of affected patients was manually reviewed, and that process was completed on September 27, 2024. Neither the substitute notice on the Health & Palliative Services of the Treasure Coast website nor the notice to the Maine Attorney General state the types of information involved.
Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals and steps have been taken to prevent similar incidents in the future, including retraining employees on email security, updating policies, and conducting a weekly security scan of its site to identify potential security issues.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Universal Health Corporation
Universal Health Corporation, a Roanoke, VA-based medical group, has discovered unauthorized access to employee email accounts. Unauthorized access was detected on or around July 29, 2024, and the review was completed on September 24, 2024, which confirmed that patients’ protected health information was present in the accounts and may have been accessed or copied by an unauthorized third party.
The affected individuals had some or all of the following information exposed: name, address, date of birth, Social Security number, driver’s license number, financial account number, medical record number, patient ID number, Medicare/Medicaid number, health insurance information, medical diagnosis and treatment information, prescription information, medical treatment location(s), medical treatment date(s), healthcare provider name(s), and medical lab or test results.
At the time of issuing notifications, no misuse of the affected data had been detected; however, the 583 affected individuals have been advised to monitor their account statements and explanation of benefits forms for suspicious activity. Universal Health Corporation is reviewing its data security policies and procedures and has implemented additional safeguards to prevent similar breaches in the future.
