Cyberattack on SuperCare Health Affects 318,000 Patients

Share this article on:

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.

In its March 25, 2022, breach notification letters, SuperCare Health explained that it identified unauthorized activity within its IT systems on July 27, 2021. Steps were immediately taken to secure its network and prevent further unauthorized access, and independent cybersecurity experts were engaged to investigate the nature and scope of the incident.

The investigation determined that unauthorized individuals had access to parts of its network from July 23, 2021, to July 27, 2021, and that it was possible that files on the network were accessed that contained patients’ protected health information. A comprehensive review of the contents of the files was conducted, which determined on February 4, 2022, that they contained sensitive patient data such as names, addresses, birth dates, hospital/medical group, patient account numbers, medical record numbers, health insurance information, testing/diagnostic/treatment information, other health-related information, and claims information. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

SuperCare Health said the security breach prompted a review of its security safeguards and additional security measures have now been implemented to better protect the personal and protected health information of its patients.

SuperCare Health is offering affected individuals a complimentary membership to an identity theft protection service, which includes credit monitoring, dark web monitoring, and an identity theft reimbursement insurance policy.

Englewood Health Warns 3,900 Patients About PHI Exposure

Englewood Health, the operator of an acute care 289-bed teaching hospital in Englewood, NJ, has recently reported a security breach that involved the protected health information of 3,901 patients. On February 14, 2022, Englewood Health learned that the username and password of an employee had been compromised, which allowed an unauthorized individual to access patient names, dates of birth, and limited health information. Englewood Health said the unauthorized actor had access to patient data for less than 40 minutes before the intrusion was identified and blocked.

In response to the breach, Englewood Health has upgraded its physical, administrative, and technical network controls. Patients have now been notified by mail and while only a limited amount of data was exposed, complimentary credit monitoring services have been offered to affected patients.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On