North Carolina Hospice Discovers 58,000-Record Data Breach
Data breaches have been announced by AuthoraCare Collective in North Carolina, Lifetime Psychiatry in Missouri, and McNall & Associates in Alaska.
AuthoraCare Collective
AuthoraCare Collective, a nonprofit hospice in Greensboro, North Carolina, suffered a cyberattack in August 2024. Technical issues related to systems in its network were identified on August 22, 2024. Assisted by third-party IT forensics experts, it was determined that an unauthorized actor gained access to its systems between August 18 and August 22, 2024. The investigation confirmed on October 21, 2024, that the protected health information of up to 58,019 individuals was accessed or acquired.
The review of the affected files confirmed they contained names, medical diagnoses, prescription information, Social Security numbers, and demographic information. Notifications were mailed to the affected individuals in January 2025, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were involved.
Lifetime Psychiatry
Lifetime Psychiatry, LLC, in St. Peters, MO, has recently confirmed that an employee’s email account was accessed by an unauthorized third party. Suspicious activity was identified in the email account on September 27, 2024, and it was confirmed on October 31, 2024, that the email account contained patient information. Patient information was likely accessed or copied between September 5 and September 27, 2024.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The data involved was used for billing purposes and included names, addresses, telephone numbers, dates of birth, health insurance information, clinical information, and diagnostic and treatment information. A limited number of individuals also had their bank account information, credit card data, and/or Social Security numbers exposed. In total, up to 16,926 patients may have been affected. Lifetime Psychiatry has enhanced its email security procedures, including strengthening conditional access policies and broadening the use of multi-factor authentication.
McNall & Associates
The Anchorage, AK-based law firm, McNall & Associates, P.C. identified a cyberattack on its network on or around October 28, 2024. The forensic investigation confirmed that a computer server that stored client information was accessed in the attack and data may have been copied. The server review has now been completed and was found to contain the names, addresses, Social Security numbers, driver’s license numbers, and limited health information of 10,175 individuals. Access controls have been tightened, and additional technical security measures have been implemented to strengthen security. The affected individuals have been offered complimentary credit monitoring and identity theft protection services through IDX.
