HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattack on SuperCare Health Affects 318,000 Patients

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.

In its March 25, 2022, breach notification letters, SuperCare Health explained that it identified unauthorized activity within its IT systems on July 27, 2021. Steps were immediately taken to secure its network and prevent further unauthorized access, and independent cybersecurity experts were engaged to investigate the nature and scope of the incident.

The investigation determined that unauthorized individuals had access to parts of its network from July 23, 2021, to July 27, 2021, and that it was possible that files on the network were accessed that contained patients’ protected health information. A comprehensive review of the contents of the files was conducted, which determined on February 4, 2022, that they contained sensitive patient data such as names, addresses, birth dates, hospital/medical group, patient account numbers, medical record numbers, health insurance information, testing/diagnostic/treatment information, other health-related information, and claims information. A subset of individuals also had their Social Security numbers and/or driver’s license numbers exposed.

SuperCare Health said the security breach prompted a review of its security safeguards and additional security measures have now been implemented to better protect the personal and protected health information of its patients.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

SuperCare Health is offering affected individuals a complimentary membership to an identity theft protection service, which includes credit monitoring, dark web monitoring, and an identity theft reimbursement insurance policy.

Englewood Health Warns 3,900 Patients About PHI Exposure

Englewood Health, the operator of an acute care 289-bed teaching hospital in Englewood, NJ, has recently reported a security breach that involved the protected health information of 3,901 patients. On February 14, 2022, Englewood Health learned that the username and password of an employee had been compromised, which allowed an unauthorized individual to access patient names, dates of birth, and limited health information. Englewood Health said the unauthorized actor had access to patient data for less than 40 minutes before the intrusion was identified and blocked.

In response to the breach, Englewood Health has upgraded its physical, administrative, and technical network controls. Patients have now been notified by mail and while only a limited amount of data was exposed, complimentary credit monitoring services have been offered to affected patients.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.