Almost 20,000 Aptihealth Patients Affected by Business Associate Data Breach
Data breaches have been announced by the behavioral health engagement company Aptihealth and the civil engineering and architecture firm Wilson & Company.
Aptihealth
The Saratoga Springs, NY-based behavioral health engagement company, Aptihealth, has confirmed that the HIPAA protected health information of almost 20,000 patients has been exposed or stolen. The breach occurred at Sisense, a business associate of Aptihealth that provides data analytics services. In order to provide those services, Sisense is given access to Aptihealth data, which includes patients’ protected health information.
On April 17, 2024, Sisense notified Aptihealth and other clients that an unauthorized individual had gained access to a restricted access server between March 13, 2024, and April 10, 2024. The server contained names, addresses, dates of birth, dates of service, doctors’ names, medical treatment and diagnosis information, health insurance company names, and health insurance identification numbers. The incident affected 19,805 Aptihealth patients.
Aptihealth said Sisense has confirmed that its systems have been secured and the server can no longer be accessed. Sisense is sending individual notifications to the affected individuals and Aptihealth has established a call center for patients requiring further information – 855-568-3080. The helpline is open from 9:00 a.m. to 9.00 p.m. ET, Monday to Friday.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Wilson & Company
Wilson & Company, a civil engineering, architecture, and construction management company, has notified 1,867 members of its Engineers & Architects Health and Welfare Benefit Plan that some of their personal and protected health information was accessed and copied from its network.
A cyberattack was detected on April 16, 2024, when the company experienced network disruption. A forensic investigation was conducted which confirmed on April 24, 2024, that an unauthorized individual had access to its network between April 12, 2024, and April 16, 2024, and accessed and removed files. The file review confirmed that the information compromised in the incident included names, Social Security numbers, and limited health insurance plan enrollment information.
The affected individuals have been offered complimentary credit monitoring and identity theft protection services, additional security measures have been implemented, and further training has been provided to the workforce on data security.
