HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Coastal Family Health Center Cyberattack Affects 62,000 Patients

Coastal Family Health Center (CFHC), the fourth largest community health center in Mississippi, has started notifying patients about a May 13, 2021 cyberattack that involved some of their protected health information.

CFHC said hackers attempted to shut down its computer operations; however, that attempt failed and CFHC was able to continue treating patients and providing services to the community. An investigation was immediately launched into the incident to determine how the attack occurred and whether any sensitive patient information was accessed by the hackers.

On June 4, 2021 the investigation revealed some files accessed by the attackers contained the protected health information of patients, including names, addresses, Social Security numbers, health insurance information, and health and treatment information.

Independent cybersecurity professionals were engaged to assist with improving the security of its systems and policies and procedures have been changed to prevent further breaches in the future. After determining current mailing addresses, notification letters were sent to affected individuals on July 2, 2021.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

While there have been no reported cases of misuse of patient information, out of an abundance of caution, CFHC is providing all affected individuals with complimentary identity theft protection services through IDX.

The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting 62,342 current and former patients.

Carle Cancer Treatment Reports Hacking Incident Affecting 8,066 Patients

Carle Cancer Treatment in Normal, IL has started notifying 8,066 patients that some of their protected health information was exposed in a cyberattack on data storage vendor Elekta.

Elekta investigated the data breach and determined hackers had access to its systems between April 2 and April 20, 2021 and during that time may have accessed or obtained patient information such as full names, addresses, demographic data, Social Security numbers, birth dates, height/weight measurements, medical diagnoses, medical treatment information, and appointment confirmations.

Carle Cancer Treatment Normal was notified about the breach on April 29. Elekta said its investigation uncovered no evidence indicating patient information was publicly disclosed or used for fraudulent purposes. Affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.