The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Amerita Confirms 219,700 Patients Affected by PharMerica Cyberattack

Posted By on Sep 14, 2023

The Kansas-based pharmaceutical and infusion product provider Amerita has recently notified 219,707 individuals that some of their protected health information was exposed in a cyberattack on the computer network of Amerita and its parent company, PharMerica. According to the notification letters, suspicious activity was detected in its computer systems on March 13, 2023. The forensic investigation confirmed that unauthorized individuals had access to its network from March 12 to March 13, 2023, and during that time, files may have been obtained from its systems.

Amerita confirmed that the information potentially compromised in the incident included names, addresses, medical histories, diagnoses, medications, and health insurance information. No evidence was found to suggest Social Security numbers and driver’s license numbers were compromised. Amerita and PharMerica have enhanced their technical security measures to prevent similar incidents in the future.

Amerita did not state the exact nature of the attack in its notification letters; however, this appears to have been a ransomware attack by the Money Message ransomware group. As previously reported by The HIPAA Journal, the Money Message group claimed responsibility for the attack and said 4.7 terabytes of data were stolen. PharMerica reported the data breach to the HHS’ Office for Civil Rights in May 2023 as affecting 5,815,591 individuals.

MedMinder Systems, Inc. Notifies Patients About February 2023 Cyberattack

MedMinder Systems, Inc., a Massachusetts-based medication management and pharmacy solution provider, has recently confirmed that the protected health information of 12,146 individuals was exposed and potentially stolen in a February 2023 cyberattack. The forensic investigation confirmed that an unauthorized third party had access to its network between February 7, 2023, and February 21, 2023.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The review of the files potentially accessed in the attack was completed on August 8, 2023, and notification letters were sent to the affected individuals on September 1. The data involved was limited to names, dates of birth, and prescription information. MedMinder said its security infrastructure has been enhanced with advanced threat detection and monitoring mechanisms and that its practices and internal controls will continue to be evaluated and modified to enhance the privacy and security of personal information.

Email Account Compromised at Absolute Dental Services

Absolute Dental Services, a Durham, NC-based dental laboratory, has experienced a security incident involving the protected health information of 10,037 patients of the dental practices it supports. Suspicious activity was detected in an employee email account on February 21, 2023 and steps were immediately taken to secure the account. An investigation was launched to determine the nature and scope of the breach and on March 8, Absolute Dental Services confirmed that the breach was confined to a single account. A vendor was then engaged to review the account to identify the information potentially accessed.

In June, it was confirmed that the account contained the protected health information of certain patients, including names, dates of birth, service dates, full face photos, physician/medical facility information, medical condition/ treatment information, medical device identifiers, medical diagnosis information, DNA profiles, and medical record numbers. Affected individuals were notified on August 21, 2023. At the time of issuing notifications, no misuse of patient information had been detected.

SouthCoast Medical Group Investigating Cyberattack on its Network

SouthCoast Medical Group in Georgia has recently announced that its information systems were accessed by unauthorized individuals who downloaded files from its network. Suspicious activity was detected within its IT environment on June 18, 2023, with the forensic investigation confirming unauthorized access to its systems between June 15 and June 18, 2023. The electronic medical record system was not believed to have been accessed; but files on the compromised parts of its network contained protected health information such as names, Social Security numbers, dates of birth, addresses, phone numbers, and data related to treatment, such as admission/discharge dates.

The investigation into the data breach is ongoing and SouthCoast Medical Group has not yet determined which patients have been affected. Notification letters will be issued when that process is completed. In the interim, the breach has been reported to the HHS’ Office for Civil Rights as affecting at least 501 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist