HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattacks and Data Theft Incidents Reported by Medical Healthcare Solutions and Advocates Inc.

Advocates Inc., a Massachusetts-based nonprofit provider of support services for individuals experiencing life challenges such as addiction, autism, brain injury, intellectual disabilities, mental health, and behavioral health, has announced it recently experienced a sophisticated cyberattack and data theft incident.

Advocates was informed on October 1, 2021, that an unauthorized individual had gained access to its network and copied files containing the sensitive data of patients and employees. A leading cybersecurity firm was engaged to assist with the investigation, which revealed an unknown individual had accessed its network and copied files over a four-day period between September 14, 2021, and September 18, 2021.

The files contained names, addresses, dates of birth, Social Security numbers, health insurance information, client ID numbers, diagnoses, and treatment information. After confirming the individuals affected, Advocates collected up-to-date contact information to allow written notices to be provided, hence the delay in issuing notification letters.

The cyberattack was reported to the Federal Bureau of Investigation and regulators. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates the protected health information of 68,236 individuals was included in the stolen files. Advocates said it is unaware of any attempted or actual misuse of the stolen information; however, as a precaution, affected individuals have been offered complimentary credit monitoring and identity theft protection services.

PHI Stolen in Cyberattack on Medical Healthcare Solutions

The Boston, MA-based medical billing company Medical Healthcare Solutions has recently announced it was the victim of a cyberattack. The attack was discovered on November 19, 2021, and steps were immediately taken to secure its network to prevent further unauthorized access. The investigation confirmed an unauthorized individual had accessed its network between October 1, 2021, and October 4, 2021, and copied certain files from its network. DataBreaches.net has reported on the incident and obtained evidence that this was a ransomware attack conducted by the Conti ransomware gang, which stole data and added the information to its data leak site on October 27, 2021.

A review of the stolen files revealed they contained the following types of data: Name, address, date of birth, sex, phone number, email address, Social Security number, driver’s license/state ID number, financial account number, routing number, payment card number, card CVV/expiration, diagnosis/treatment information, procedure type, provider name, prescription information, date of service, medical record number, patient account number, insurance ID number, insurance group number, claim number, insurance plan name, provider ID number, procedure code, treatment cost, and diagnosis code.

Medical Healthcare Solutions said a final list of individuals affected by the breach was obtained on January 8, and notification letters have now been issued. Complimentary credit monitoring and identity theft protection services have been offered to affected individuals.

The incident has been reported to the HHS’ Office for Civil Rights as affecting 133,997 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.