Data Breaches Reported by Allegheny Health Network, St. Luke’s Health System, & Goldsboro Podiatry

St. Luke’s Health System in Boise, ID, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected 31,579 patients. The breach occurred in May 2022 at Kaye-Smith, the health system’s billing vendor, and affected patients that were billed that month. The breach was discovered in June 2022 and was reported to St. Luke’s Health System on July 6, 2022.

Unauthorized individuals gained access to systems at Kaye-Smith, which contained information such as patient names, insured names, addresses, phone numbers, ID numbers, dates of birth, descriptions of services, amounts billed, outstanding balances, payment due dates, account statuses, and the last five digits of Social Security numbers. Kaye-Smith is investigating the breach and is working with the FBI to better understand how the breach happened.

St. Luke’s Health System said it is no longer working with the billing vendor. The investigation to date has not uncovered any evidence to suggest there has been any misuse of patient data. Affected individuals have been offered a complimentary membership to a credit monitoring service.

Goldsboro Podiatry Notifies 30,669 Patients About Data Breach

Kevin Wolf, DPM, doing business as Goldsboro Podiatry in North Carolina, has recently confirmed that the protected health information of 30,669 has potentially been obtained by unauthorized individuals. The breach occurred at an unnamed service provider that maintains patients’ electronic medical records for the practice. The breach was detected on April 29, 2022, when certain servers used by the company were encrypted in a ransomware attack. The service provider confirmed in May 2022 that data on the servers had been accessed and was potentially obtained by the attackers. Goldsboro Podiatry was notified about the attack on May 20, 2022.

Please see the HIPAA Journal Privacy Policy

The information compromised in the attack included names, contact information, dates of birth, Social Security Numbers, demographic information, medical history, medication information, clinical observations, diagnoses, and/or treatment plans.

Goldsboro Podiatry said its service provider has secured its information technology systems and enhanced its cybersecurity defenses to prevent future attacks and has offered affected individuals complementary access to credit monitoring and identity theft protection services.

Allegheny Health Network Phishing Attack Affects Thousands of Patients

Pennsylvania-based Allegheny Health Network has recently confirmed that the email account of an employee has been accessed by an unauthorized third party following a response to a phishing email. The employee responded to the message on May 31, 2022, and the breach was detected the following day.

A review of the email account confirmed it contained protected health information such as names, dates of birth, dates of medical services, medical histories, conditions, diagnoses and treatment information, and driver’s license numbers. A subset of individuals also had their Social Security number and/or financial information exposed.

Allegheny Health Network said prompt action was taken to address the incident, including performing a password reset to prevent further unauthorized access. A third-party cybersecurity firm has also been engaged to help improve its security controls.

Allegheny Health Network has reported the breach to the HHS’ Office for Civil Rights using a placeholder of 500 records until the breach is fully investigated and the number of individuals affected is known. Local media outlets have said around 8,000 individuals were affected.

Central Maine Medical Center Affected by Shields Healthcare Group Data Breach

Central Maine Medical Center (CMMC) has confirmed it has been affected by a data breach at Shields Healthcare Group. CMMC was one of 56 facility partners to be affected by the breach, which affected around 2 million individuals, including 11,938 CMMC patients. Further information on the breach is available in this post.

Granbury Eye Clinic in Texas Victim of Eye Care Leaders Data Breach

Granbury Eye Clinic in Texas is the latest eye care provider to confirm it was affected by the Eye Care Leaders data breach, which involved the PHI of 16, 475 patients. The data breach is now known to have affected at least 39 eye care providers, with the breach total currently standing at 3,091,694 patients.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.