Cyberattacks on Eastern Radiologists and UNITE HERE Affect 1,680,000 Individuals
Major data breaches have been reported by Eastern Radiologists, Inc. in North Carolina and the New York-based labor union, UNITE HERE. The protected health information of almost 1,680,000 individuals has been compromised in these two incidents.
Eastern Radiologists, Inc. Data Breach Affects Almost 887,000 Individuals
Greenville, NC-based Eastern Radiologists, Inc. has recently notified 886,746 individuals that some of their protected health information was exposed and potentially obtained by unauthorized individuals in a cyberattack that was detected on November 24, 2023. A third-party cybersecurity firm was engaged to investigate the cause of suspicious network activity and confirmed that there was unauthorized access to its network between November 20, 2023, and November 24, 2023. During that time, documents on the system were accessed and copied, some of which contained patient information.
The investigation was completed on January 26, 2024, and confirmed that the exposed information included patients’ names plus one or more of the following: contact information, Social Security number, insurance information, exam and/or procedure information, referring physician, diagnosis information and/or imaging results. Eastern Radiologists said steps have been taken to improve security and better protect patient data and network monitoring capabilities have been enhanced. Notification letters started to be mailed to the affected individuals on March 4, 2024. The substitute breach notice on the Eastern Radiologists website makes no mention of credit monitoring and identity theft protection services.
UNITE HERE Data Breach Affects 791,000 Individuals
The New York-based labor Union, UNITE HERE, which serves 300,000 working people across Canada and the United States, has recently reported a data breach to the HHS’ Office for Civil Rights that involved the protected health information of 791,273 individuals. UNITE HERE said unauthorized access to its systems was detected on October 20, 2023, and third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the breach. It was not possible to determine the extent to which sensitive data was viewed or copied, so the decision was taken to notify all individuals whose information was present in the compromised system at the time of the breach.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The exposed information included the sensitive data of members of certain local unions and health funds and included names, Social Security numbers, driver’s licenses, state identification numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical information.
UNITE HERE said passwords were immediately reset when the breach was discovered, and additional layers of security have now been implemented. Individuals who receive a notification in the mail about the breach have been advised to be vigilant against identity theft and fraud and have been offered complimentary credit monitoring and identity theft protection services through IDX.