Continuum Health Alliance Data Breach Affects 377,000 Consensus Medical Group Patients
Marlton, NJ-based Continuum Health Alliance has recently confirmed that it has experienced a security incident that exposed the data of 377,119 patients of its client, Consensus Medical Group, a physician-owned medical group in Evesham, NJ. Continuum identified unauthorized activity within its network on October 19, 2023, and after taking steps to secure its systems, third-party cybersecurity specialists were engaged to identify the suspicious activity. The forensic investigation confirmed that an unauthorized third party had gained access to some of its systems between October 18 and October 19, and acquired certain files.
On February 16, 2024, Continuum announced on its website that it was investigating the incident. The file review was completed on March 8, 2024, when it was confirmed that the exposed data included patients’ names and Social Security numbers. Continuum then worked to verify the information and obtain up-to-date address information, and HIPAA notification letters were mailed on April 29, 2024.
Continuum has implemented additional safeguards to prevent further security incidents and has provided additional training to its workforce. The affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months.
Guardant Health Discovers Online Exposure of Patient Data
Guardant Health, a medical laboratory in Redwood City, CA, that performs cancer screening tests on samples provided by physicians and hospitals, has recently notified patients of some of its clients that their protected health information has been exposed online. Guardant Health did not state in its notification letters when it discovered the data exposure, only that an employee inadvertently uploaded a file containing patient data to an online platform in October 2020. Guardant Health immediately removed the file when the error was discovered, and on March 4, 2024, it was confirmed that unidentified third parties downloaded the file between September 8, 2023, and February 28, 2024.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The protected health information in the file varied from patient to patient and included some or all of the following: name, age, medical record and identification numbers, and medical information such as treatment information, dates of treatment, and test results. No financial information or Social Security numbers were present in the file. Guardant Health said it has enhanced its technical controls and has provided further employee training to prevent similar incidents in the future. The breach has been reported to the HHS’ Office for Civil Rights as affecting 9,309 individuals.
