Share this article on:
Cancer Treatment Centers of America is alerting 104,808 patients of its Midwestern Regional Medical Center that some of their protected health information was contained in an email account that was accessed by an unauthorized individual.
Suspicious activity was identified in a CTCA account holder’s account on January 18, 2021. The account was immediately secured to prevent further unauthorized access and a third-party forensics firm was engaged to assist with the investigation and determine the nature and scope of the breach.
The investigation revealed the email account was accessed on January 12, 2021 and access remained possible until January 18 when a password reset was performed. It was not possible to confirm which emails, if any, were accessed, nor was it possible to rule out data theft.
A review of the compromised account revealed it contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information. No financial information or Social Security numbers were compromised.
CTCA has implemented additional security measures to prevent further breaches and additional security enhancements are being evaluated. Notifications were sent to affected individuals on March 18, 2021.
Vendor Breach Affects More than 9,000 Insulet Patients
The Acton, MA-based medical device company Insulet Corporation is alerting 9,050 patients about a data breach at an online customer training vendor – Cornerstone On-Demand.
Insulet was notified around January 19, 2020 that an unauthorized individual had gained access to Cornerstone’s systems on January 13, 2021 and potentially downloaded data that included the protected health information of Insulet patients.
Data stored on the compromised system included names, email addresses, Insulet customer training records, and online course information. When Cornerstone identified the breach, its systems were immediately secured to prevent further unauthorized access. Additional security measures have since been implemented to prevent further attacks. Insulet said it has begun transitioning to a new online training vendor and will order Cornerstone to delete all its data once the transition has been completed.