Data Breaches Reported by Suncoast Skin Solutions, Raveco Medical, South City Hospital, and the Colorado DHS

Share this article on:

Suncoast Skin Solutions, a network of 22 surgical, medical, and cosmetic dermatological care clinics in Florida, has recently started notifying 57,730 patients about a ransomware attack that was discovered on July 14, 2021.

Suncoast said when the cyberattack was detected, prompt action was taken to prevent the encryption of all of its systems and a third-party cybersecurity firm was engaged to conduct a forensic investigation to determine the nature and scope of the attack.

On October 14, 2021, the cybersecurity firm concluded its investigation and Suncoast conducted a preliminary review of its systems to determine if they contained any patient information. That process was completed on November 8, 2021, and a third-party vendor was engaged to review all affected files to determine the specific individuals whose information may have been compromised.

Suncoast has now confirmed that the following types of data were potentially viewed by the attackers: names, dates of birth, clinical information, doctor’s notes, and other limited treatment information. Suncoast said it is unaware of any attempted or actual misuse of patient data as a result of the security breach. Steps have been taken to prevent similar breaches in the future, including transferring all patient data to an encrypted system. Complimentary credit monitoring services have been offered to certain impacted individuals.

South City Hospital Reports Theft of Backup Server Containing PHI of 21,601 Individuals

South City Hospital in St. Louis, MO – formerly St. Alexius Hospital – was the victim of a burglary on November 13th or 14th and thieves stole a backup imaging server from one of its practice locations.

A review of the server confirmed it contained protected health information of 21,601 individuals, including names, Social Security numbers, health insurance information, radiology imaging, and/or other related medical information.

In response to the break-in, the hospital has implemented additional security measures to prevent further exposures of patient data.

Colorado Department of Human Services Affected by Cyberattack on Business Associate

The Colorado Department of Human Services (CDHS) has notified 6,132 individuals that some of their protected health information has potentially been compromised in a cyberattack on one of its vendors – Sound Generations.

Sound Generations is a Seattle, WA-based provider of services for adults with disabilities and CDHS contracts with Sound Generations to store data for its evidence-based fall prevention program – A Matter of Balance. Sound Generations investigated the breach and while no evidence of data misuse has been identified, it was not possible to rule out unauthorized data access.

The types of information potentially compromised includes names, addresses, phone numbers, email addresses, dates of birth, and whether or not clients have health insurance.

PHI of 4,897 Individuals Potentially Compromised in Raveco Medical Hacking Incident

Raveco Medical, a women’s health clinic in New York City, has notified 4,897 patients that some of their protected health information was potentially accessed by unauthorized individuals.

A security breach was detected on November 22, 2021, and a third-party cybersecurity firm was engaged to investigate the breach. The investigation confirmed files had been copied from its systems that contained patients’ first and last names, dates of birth, medications, diagnoses, Social Security numbers, and/or payment card information.

Raveco Medical said it is working to improve data security to prevent further hacking incidents. Affected individuals have been provided with complimentary access to credit monitoring and identity theft resolution services through IDX.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On