The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Activate Healthcare Reports Security Breach Affecting up to 93,761 Patients

Posted By on Jun 30, 2023

The Illinois-based healthcare provider, Activate Healthcare, LLC, has recently confirmed that it suffered a security breach that resulted in the theft of patient data. Suspicious activity was detected within its IT systems on April 27, 2023, and the subsequent forensic investigation confirmed that an unauthorized third party had access to its network between April 22, 2023, and April 28, 2023.

On April 29, 2023, it was confirmed that files had been exfiltrated that included patient information such as names, dates of birth, addresses, Social Security numbers, driver’s license numbers, and clinical information, such as provider names, dates of service, and/or diagnoses. At the time of issuing notification letters, no evidence of misuse of patient data had been detected; however, as a precaution, affected individuals have been offered complimentary credit monitoring and identity protection services.  Activate Healthcare said steps will continue to be taken to enhance the security of its computer systems.

The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 93,761 patients.

Community Research Foundation Confirms 30,000-Record Data Breach

Community Research Foundation (CRF), a San Diego, CA-based non-profit research foundation that develops and operates programs focused on the treatment, education, and rehabilitation of individuals with mental health problems and substance use problems, has recently confirmed that sensitive health data was accessed by an unauthorized individual last year.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

CRF detected a security breach on October 13, 2022, and third-party cybersecurity experts were engaged to investigate the incident. CRF said the review of the affected files concluded on April 19, 2023, when it was determined that the protected health information of individuals who sought medical services through medical and/or social service programs that CRF supports was involved. That information included names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment and/or diagnosis information, and/or health insurance information.

CRF said after confirming which individuals had been affected, contact information needed to be verified to allow notification letters to be mailed, hence the delay in issuing notifications. The breach notice makes no mention of when access to its systems was gained, and credit monitoring services do not appear to have been offered to affected individuals.

The data breach was recently reported to the HHS’ Office for Civil Rights as affecting up to 30,057 individuals.

Henrietta Johnson Medical Center Patients Affected by Data Breach at Delaware Health Network

The Henrietta Johnson Medical Center (HJMC) in Wilmington, DE, has been affected by a security incident at the healthcare-controlled network provider and electronic health records management provider, Delaware Health Network (DHN). According to the HJMC notice, unauthorized individuals gained access to certain DHN systems on or around April 5, 2023, and copied files from those systems. DHN is currently investigating the incident to determine the extent of the data breach but has notified HJMC and other clients that their data may have been impacted.

HJMC has not yet been informed of the number of patients that have been affected. Based on the findings of the forensic investigation to date, the following data types may have been exposed: full name, dates of birth, ethnicity, medical record number, diagnosis code, lab information, and health insurance information. DHN has confirmed that Social Security numbers and financial account information were not viewed or stolen.

HJMC said it is reviewing its policies and procedures relating to third-party vendors and will continue to pursue information from DHN about the event. Out of an abundance of caution, notifications will be sent to all patients. The breach has been reported to the HHS’ Office for Civil Rights as affecting 500 individuals. That number will be updated when DHN confirms how many patients have been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist