Aveanna Healthcare Announces Breach of 11 Employee Email Accounts
The Georgia-based healthcare provider, Aveanna Healthcare, has recently announced that the email accounts of 11 employees have been accessed by an unauthorized third party, who gained access to the protected health information of 10,482 patients. This is the second email breach to be reported by Aveanna Healthcare in recent months. On March 15, 2024, Aveanna Healthcare reported an email breach to the HHS’ Office for Civil Rights that involved the protected health information of 65,482 patients. That incident involved unauthorized access to an employee email account on or around September 22, 2023.
The latest breach was detected around a month after OCR was notified about the previous email breach. According to Aveanna Healthcare’s substitute breach notice, unusual activity was detected in the email accounts on April 17, 2024. Immediate action was taken to prevent further unauthorized access to the accounts and an investigation was launched to determine the nature and scope of the breach.
On June 12, 2024, it was confirmed that protected health information was present in the accounts, including names, Social Security numbers, driver’s license numbers/state identification numbers, dates of birth, medical information, diagnosis, treatment information, patient identification numbers, incidental health references, provider names, health insurance information, prescription information, Medicare/Medicaid numbers, and treatment cost information. The types of data involved varied from individual to individual.
While patient data was exposed, Aveanna Healthcare said it is unaware of any misuse of the exposed information; however, as a precaution, the affected individuals have been offered complimentary identity protection services through CyEx. “Aveanna takes the security and privacy of personal information in its possession very seriously and is taking additional steps to prevent a similar event from occurring in the future”, explained Aveanna Healthcare in its substitute breach notice.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Email Account Breach Announced by Allcare Medical Management
Allcare Medical Management, a San Bernadino, CA-based provider of medical practice management services, has recently notified the California Attorney General about a breach of its email environment. The breach notification letter explains that a single employee email account was accessed by an unauthorized individual on various occasions between March 4, 2024, and April 20, 2024.
Allcare Medical Management said the investigation was completed on May 23, 2024, and concluded that the attack appeared to have been conducted to perpetuate a phishing scheme, rather than obtain data stored in the account; however, unauthorized access to protected health information could not be ruled out. The review of the email account was completed on June 12, 2024, and confirmed that the incident involved data collected in connection with the services provided to its client, Family Planning Associates Medical Group Inc.
The types of data involved varied from individual to individual and may have included names along with one or more of the following: Social Security number, date of birth, contact information, medical record number, health insurance information, and information about treatment received at Family Planning Associates Medical Group. The affected individuals have been notified by mail and offered complimentary identity theft monitoring and protection services.
The HHS’ Office for Civil Rights breach portal indicates 16,378 individuals have been affected.
