Over 30 Healthcare Providers Affected by CIOX Health Data Breach
The health information management services provider CIOX Health has suffered a data breach that has affected at least 32 healthcare providers. In July 2021, CIOX Health discovered an unauthorized individual had gained access to the email of an employee in the customer service department. The email account was immediately secured, with the subsequent investigation confirming the email account had first been accessed by an unauthorized individual on June 24, 2021, and access remained possible until the security breach was detected on July 2, 2021. The CIOX Health breach investigation confirmed that the incident was confined to a single employee email account, with the review of the contents of the email account determining on September 24, 2021, that it contained emails and attachments that included the protected health information of some of its healthcare provider clients such as names, dates of birth, provider names, dates of service, and the Social Security numbers, driver’s license numbers, health insurance information, and/or treatment information of a very limited number of...
Millennium Eye Care Says Ransomware Gang Stole a Large Amount of Patient Data
Millennium Eye Care, a Freehold, NJ-based provider of ophthalmology services, announced on December 22, 2021, that hackers recently gained access to its computer network and used ransomware to encrypt files in an attempt to extort money from the practice. It is unclear when the attack occurred from its breach notification letters, but Millennium Eye Care said it discovered on November 14, 2021, that the attackers had exfiltrated “a large amount of data” prior to encrypting files. The files obtained in the attack included a range of protected health information including names and Social Security numbers. Millennium Eye Care said it has increased network security measures to reduce the risk of further attacks and has provided additional cybersecurity training to the workforce to help them recognize external attacks. Affected individuals have been notified by mail and have been provided with information on the steps they can take to protect against identity theft and fraud. Identity theft protection services are being provided free of charge and affected patients will also be covered...
BioPlus Specialty Pharmacy Services Faces Class Action Lawsuit Over Data Breach
A Florida specialty pharmacy is facing a class action lawsuit over an October 2021 cyberattack in which the personally identifiable information (PII) and protected health information (PHI) of up to 350,000 patients were stolen. Altamonte Springs, FL-based BioPlus Specialty Pharmacy Services said a hacker had access to its network from October 25, 2021, until November 11, 2021, and during that time viewed files containing sensitive patient data. A computer forensics firm investigated the breach and confirmed patient data had been accessed. Since it was not possible to determine how many patients had been affected, the decision was taken to send notification letters to all 350,000 patients on or around December 10, 2021, one month after the breach was discovered. Data potentially compromised in the attack included names, contact information, dates of birth, medical record numbers, health insurance and claims information diagnoses, prescription information, and Social Security numbers. Affected individuals were offered a 12-month subscription to credit monitoring services at no cost....
Almost 80,000 Patients Affected by Cyberattack on Fertility Centers of Illinois
Fertility Centers of Illinois (FCI) has recently notified 79,943 current and former patients that some of their protected health information may have been viewed or obtained by unauthorized individuals. FCI identified suspicious network activity on February 1, 2021, and took prompt action to secure its systems. Independent forensic investigators were then engaged to determine the nature and scope of the security breach. FCI had implemented security measures to keep patient data secure, and those measures ensured its electronic medical record system could not be accessed; however, the attackers were found to have accessed administrative files and folders. A review of those files confirmed on August 27, 2021, that they contained a range of PHI including names in combination with one or more of the following types of information: Social Security numbers, passport numbers, financial account information, payment card information, diagnoses, treatment information, medical record numbers, billing/claims information, prescription information, Medicare/Medicaid identification information,...
Rhode Island Public Transit Authority Data Breach to be Investigated by State Attorney General
The Rhode Island Public Transit Authority (RIPTA) has recently notified the Department of Health and Human Services’ Office for Civil Rights about a data breach involving the protected health information (PHI) of 5,015 members of its group health plan. RIPTA explained in a breach notice on its website that the cyberattack was detected and blocked on August 5, 2021, and the forensic investigation determined hackers had access to its network from August 3, 2021. A comprehensive review of files on the compromised parts of its network identified files related to the RIPTA health plan, which were found to contain the names, addresses, dates of birth, Social Security numbers, Medicare ID numbers, qualification information, health plan ID numbers, and claims information of health plan members. It was also confirmed that those files had been exfiltrated from its systems by the attackers. RIPTA sent notification letters to affected individuals on December 22, 2021, and offered a complimentary membership to Equifax’s identity monitoring services. RIPTA also explained in its website breach...



