HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by the New Jersey Department of Health, Onyx Technologies & San Diego American Indian Health Center

Onyx Technologies, a Largo, MD-based provider of Information Technology and Consulting Services and a vendor of Independent Care Health Plan (iCare), has recently notified 96,814 health plan members that some of their protected health information has potentially been compromised.

On June 28, 2022, Onyx discovered its computer systems had been accessed by unauthorized individuals, who may have gained access to the protected health information of iCare members, including names, birth dates, addresses, phone numbers, iCare member ID numbers, Medicare ID Numbers, dates of service, and provider names.

Onyx said that a review of its computer systems was immediately conducted, a security firm was engaged to assist with the investigation, and access to its systems was regained on July 7, 2022. Onyx said, “a server may have been removed or accessed beginning on March 29, 2022, and ending on June 28, 2022. On July 15, 2022, the security firm found that some information related to individuals may have been accessed.”

Onyx said it found no evidence to suggest any of the affected information has been identified. Affected individuals have been offered complimentary credit monitoring and identity theft protection services for two years.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

San Diego American Indian Health Center Breach Affects 27,367 Patients

San Diego American Indian Health Center has notified 27,367 current and former patients that unauthorized individuals gained access to parts of its network and exfiltrated files containing some of their protected health information.

The security breach was detected on May 5, 2022, and steps were immediately taken to secure the network and prevent further unauthorized access. A digital forensics firm was engaged to assist with the investigation, which confirmed on July 22, 2022, that patient information had been obtained, including names, Social Security numbers, driver’s license numbers, state identification card numbers, tribal identification card numbers, medical information, health insurance information, and birth dates.

San Diego American Indian Health Center said it is unaware of any attempted or actual misuse of patient data. Affected individuals have been offered complimentary credit monitoring and identity protection services and steps have been taken to improve security to prevent further data breaches.

New Jersey Department of Health Alerts Patients About Vendor Data Breach

The New Jersey Department of Health, Division of Behavioral Health Services has recently announced that certain patients of Trenton Psychiatric Hospital and the Anne Klein Forensic Center have had some of their protected health information stolen in a security incident at a vendor that provided medical translation and dictation services to the hospitals.

Unauthorized individuals gained access to parts of the vendor’s systems and exfiltrated files that included the protected health information of patients.  The vendor notified the NJ Department of Health about the data breach on June 30, 2022. It is currently unclear which vendor was affected, the types of information compromised, and the number of individuals affected by the data breach. The affected hospitals will notify patients directly if they have been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.