Cummins Behavioral Health Reports 157K Record Data Breach
Cummins Behavioral Health Systems Inc. in Avon, IN, has recently reported a data security incident to the Maine Attorney General that has affected 157,688 patients. On March 9, 2023, a ransom note was detected within its computer environment that had been placed there by an unauthorized individual. No file encryption occurred; however, the attacker claimed to have infiltrated sensitive data.
The forensic investigation confirmed that an unauthorized individual had access to its network between February 2, 2023, and March 9, 2023. The information removed from its systems included names, addresses, dates of birth, Social Security numbers, driver’s license/State ID numbers, financial account information, payment card information, usernames/passwords, health insurance information, and medical information. System security has been strengthened to prevent similar incidents in the future, and affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Email Encryption Failure Exposed Client Data at Redwood Coast Regional Center
Redwood Coast Regional Center (RCRC), a provider of services to individuals with developmental disabilities in Del Norte, Humboldt, Lake, and Mendocino Counties in California, has alerted 1,345 individuals about the exposure of some of their data. On June 14, RCRC’s mail server encryption software failed due to a system outage, which resulted in public health information being shared in plain text messages, which could potentially have been intercepted by unauthorized individuals. The exposed data was limited to client names, UCI numbers, addresses, dates of birth, and/or authorized service information. No information was exposed that would put clients at risk of identity theft. RCRC said it is reviewing its procedures and practices to prevent similar data exposures in the future.
Coastal Orthopedics Alerts Patients About Cyberattack and Data Breach
Bradenton, FL-based Coastal Orthopedics & Sports Medicine of Southwest Florida has recently confirmed that hackers gained access to its network and potentially obtained patient data. The cyberattack was detected on June 11, 2023, and the subsequent forensic investigation confirmed unauthorized access to its network between June 6, 2023, and June 11, 2023, and data exfiltration.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The breach investigation is ongoing, so it is currently unclear how many individuals have been affected or the exact types of information involved; however, the compromised data is likely to include a combination of names, Social Security numbers, patient identification numbers, medical record numbers, diagnosis information, other medical information, addresses, driver’s license number, health insurance information, financial account information, and dates of birth. Policies, procedures, and processes are being reviewed to reduce the likelihood of a similar event in the future, and notification letters will be sent to the affected individuals when the file review has been completed.
Update: The file review has concluded, and 203,427 individuals are known to have been affected.
Capital Neurological Surgeons Reports Email Account Breach
Capital Neurological Surgeons in Sacramento, CA, has recently discovered that an unauthorized individual gained access to an employee’s email account and potentially obtained patient information. The email account was accessed on January 17, 2023, with the forensic investigation confirming on July 20, 2023, that the account contained protected health information.
The information potentially compromised varied from patient to patient and may have included names in combination with one or more of the following: Social Security numbers, date of birth, driver’s license numbers or state identification numbers, medical information (diagnosis/clinical information, treatment type or location, doctor name, medical procedure information, medical record number, patient account number, and/or prescription information), and/or health insurance policy information. Affected individuals were notified by mail on August 4, 2023. The delay in issuing notification letters was due to the lengthy file review. Complimentary credit monitoring services have been offered to individuals who had their Social Security numbers compromised.
The incident is not yet showing on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
