Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

University Pediatric Dentistry in Buffalo, NY, has started notifying 6,843 patients that some of their protected health information has been exposed in an email security incident.

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. University Pediatric Dentistry said it learned on April 25, 2022, that emails and attachments in the compromised accounts contained patient data, and information had potentially been viewed or obtained.

The compromised information included patient names, contact information, dates of birth, Social Security numbers, driver’s license numbers, government identification numbers, treatment and diagnosis information, provider names, medical record numbers, patient account numbers, prescription information, dates of service and/or health insurance information. A limited number of patients also had financial account information exposed.

Individuals who had their Social Security numbers or driver’s license numbers exposed have been offered complimentary credit monitoring and identity theft protection services. University Pediatric Dentistry said technical security measures will be implemented to further protect and monitor its email system.

Please see the HIPAA Journal Privacy Policy

Cyberattack Reported by Michigan Avenue Immediate Care

Michigan Avenue Immediate Care (MAIC) in Chicago, IL, has recently reported a hacking incident that saw an unauthorized third-party gain access to its computer network and exfiltrate files containing sensitive patient data. The cyberattack was detected on May 1, 2022, and on May 12, 2022, MAIC confirmed that the files exfiltrated from its systems included some patient information.

The types of data in the files varied from individual to individual and may have included names, addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license numbers, treatment information, and/or health insurance information. Affected individuals have been notified by mail and have been offered a complimentary one-year membership of the Experian IdentityWorks Credit 3B service.

The incident has been reported to the HHS’ Office for Civil Rights as affecting 144,104 individuals.

OrthoNebraska Email Account Compromised

OrthoNebraska, an Omaha, NE-based orthopedic clinic, has recently announced that the email account of an employee has been accessed by an unauthorized individual. The breach occurred in early December 2021 and was detected when the account was used to send spam emails. A review of the affected email account confirmed the protected health information of certain patients was present in emails and attachments, and that information may have been viewed or obtained.

The exposed information included names, demographic information, driver’s license numbers, state ID numbers, usernames/passwords, Social Security numbers, medical histories, and health insurance and claims information. Affected individuals have been notified by mail and credit monitoring and identity theft protection services have been offered. To date, no reports have been received that indicate any actual or attempted misuse of patient data. OrthoNebraska said it has provided further information security training to the workforce and additional safeguards have been implemented to improve email security.

The HHS’ Office for Civil Rights breach portal shows 1,369 individuals have been affected.

Jack Hughston Memorial Hospital Investigating Cyberattack

Jack Hughston Memorial Hospital in Phoenix City, AL has recently confirmed that hackers have gained access to its network. The cyberattack forced the hospital to take its computer systems offline, which has prevented access to electronic medical records. The hospital has continued to provide care to patients under emergency downtime procedures and a third-party computer forensics firm has been engaged to assist with the investigation. At this stage of the investigation, it is unclear if, and to what extent, patient information has been compromised.

Several More Eye Care Practices Impacted by Eye Care Leaders Data Breach

The number of eye care providers affected by the data breach at Eye Care Leaders has continued to grow, with Mattax Neu Prater Eye Center in Missouri, Aloha Laser Vision in Hawaii, and Sight Partners Physicians in Washington among the latest known to be affected. At least 33 eye care providers have confirmed they have been affected by the cyberattack and the records of more than 2.9 million individuals have potentially been compromised.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.