Data Breaches Confirmed by Omni Family Health & Signature Healthcare Services
Data breaches have recently been confirmed by Omni Family Health and Signature Healthcare Services in California. Both incidents are believed to be ransomware attacks, with the attack on Omni Family Health involving the publication of stolen employee and patient data on the dark web.
Omni Family Health
Omni Family Health, a network of health centers in Kern, Kings, Tulare, and Fresno counties in California, has warned patients and employees that some of their protected health information may have been stolen in a cyberattack. On August 7, 2024, Omni Family Health became aware of reports that a cyber threat actor had stolen data from its network and posted the information on the dark web. The claims were investigated, and Omni Family Health confirmed that the posted data related to its patients and employees.
The data breach is thought to be linked to a February 2024 cyberattack that caused an outage of its systems for around 5 days. Prompt action was taken to prevent further unauthorized access and the incident was investigated, but there were no indications that any personal information had been compromised in the incident. Evidence has now been found indicating a possible connection between the dark web post and the February 2024 cyberattack, but the evidence is not conclusive.
The types of data involved varied from individual to individual. Current and former patients may have had their name, address, Social Security number, date of birth, health insurance plan information, and medical information stolen. Employee data compromised in the incident included names, addresses, Social Security numbers, dates of birth, medical information, health insurance information, financial account information related to direct deposits, and if provided to Omni, information about dependents and beneficiaries.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Since data has been posted on the dark web, the affected individuals need to take steps to protect themselves against identity theft and fraud. Omni recommends obtaining a credit report (one can be contained once a year free of charge from each of the nationwide consumer reporting agencies) and monitoring accounts and statements for suspicious activity. The substitute breach notice on the Omni website makes no mention of complimentary credit monitoring and identity theft protection services.
The data breach has been reported to the HHS’ Office for Civil Rights as affecting 468,344 individuals.
Signature Healthcare Services
Signature Healthcare Services, a Corona, CA-based provider of mental health and substance abuse treatment through its 17 acute care hospitals in California, Illinois, Nevada, and Arizona and multiple facilities in Texas, has announced that it experienced a cybersecurity incident in January 2024 that caused disruption to its computer network.
The incident was detected on January 28, 2024, and the investigation confirmed that unauthorized individuals had access to some of its IT systems between January 27 and January 28. It has taken several months to investigate the incident and review the affected files. That process has recently been completed and notification letters are now being mailed to the affected individuals.
The information exposed in the incident included names, dates of birth, medical record numbers, services received, dates of services, and treating physician names. Affected individuals have been advised to check their healthcare statements and to report any charges for services that they have not received. Signature Healthcare Services said additional safeguards have been implemented to prevent similar attacks in the future.
The data breach has been reported to regulators but is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
