Share this article on:
Arizona Asthma and Allergy Institute has issued breach notification letters to 70,372 patients who received services between October 1, 2015 and June 15, 2020.
According to the breach notice, a range of their personal and protected health information including names, patient ID numbers, provider names, health insurance information, and treatment cost information was exposed online under the name of a different organization for a brief period in September 2020.
After being alerted about the exposed data, a third-party forensics company was engaged to investigate the breach. The investigation concluded on March 8, 2021 and confirmed that protected health information had been exposed.
According to databreaches.net, which contacted Arizona Asthma and Allergy Institute to alert them about the breach, this was a ransomware attack by the Maze ransomware operation. Sensitive data obtained in the breach had been posted to the Maze Group’s data leak site for a short period in September under the name Medical Management Inc.
Stillwater Medical Center Investigation Security Breach
Stillwater Medical Center in Oklahoma has launched an investigation into a security breach affecting certain information systems. In a June 14, 2021, Facebook post, Stillwater Medical Center explained that a breach occurred on June 13, 2021 and systems were immediately shut down while the incident was investigated. A third-party computer forensics firm is assisting with the investigation and systems will be brought back online as soon as possible.
The investigation is still in the early stages but, so far, no evidence has been found to indicate any patient data has been compromised. Further information about the incident will be released as and when it becomes available.
Nebraska Department of Health and Human Services Alerts Individuals About Privacy Breach
The Nebraska Department of Health and Human Services has identified a software error that resulted in individuals’ phone numbers and partial Social Security numbers being sent to a third party in April 2021.
The HHS discovered the privacy incident on April 9, 2021 and has now issued notification letters to approximately 500 individuals. According to the HHS, the nature of data and the individual to whom it was sent – an individual in the State of Nebraska – makes the risk of identity theft or fraud low.
Temporary measures have been taken to fix the software error while the HHS works on a more permanent solution.