Data Breaches Reported by Horizon House and Samaritan Center of Puget Sound
Horizon House, Inc., a Philadelphia, PA-based provider of mental health and residential treatment services has announced its IT systems have been hacked and ransomware was deployed, with the attackers gaining access to systems containing the protected health information of 27,823 individuals.
Suspicious activity was detected in its computer systems on March 5, 2021. An investigation was launched to determine the nature and scope of the breach, which revealed an unauthorized individual had access to its systems between March 2 and March 5, 2021.
A review of files stored on the compromised systems was completed around September 3, 2021. The files contained protected health information such as names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, medical information, health insurance information, and medical claims information.
All individuals affected by the incident have been notified and advised to monitor their accounts and explanation of benefit statements for signs of fraudulent activity. Existing policies and procedures and security measures are being reviewed and will be enhanced to prevent further data breaches.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Samaritan Center of Puget Sound Reports Break-in and Theft of Devices Containing PHI
A computer, server, and other electronic equipment have been stolen from the offices of Samaritan Center of Puget Sound in Seattle, WA. The break-in occurred over the weekend of July 17/18, 2021 and was discovered on the morning of July 19.
Samaritan Center said the offices were locked and the computer and server were password-protected; however, passwords can be brute-forced so it is possible that the thieves may be able to access protected health information stored on the devices.
The server contained agency data including client names, dates of service, diagnoses, copies of charting content, addresses, phone numbers, copies of deposited checks, training videos, insurance information, Social Security numbers, and copies of billing statements. Samaritan Center said therapists’ email accounts, QuickBooks data, the Valant EHR platform, and archived data from its Medisoft client database are not believed to be at risk.
Samaritan Center said there have been multiple break-ins at the Ravenna Blvd facility over the past 12 months, and steps have been taken throughout the year to improve security including additional security alarm coverage, video cameras, and new locks. Further physical and electronic safeguards are being implemented, including attaching the server to the facility in a way that makes physical access to the server in the event of a break-in unlikely. Samaritan Center is also exploring further encryption of network data.
The breach has been reported to the HHS’ Office for Civil Rights as affecting of 20,866 individuals.
