HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Suncoast Skin Solutions, Raveco Medical, South City Hospital, and the Colorado DHS

Suncoast Skin Solutions, a network of 22 surgical, medical, and cosmetic dermatological care clinics in Florida, has recently started notifying 57,730 patients about a ransomware attack that was discovered on July 14, 2021.

Suncoast said when the cyberattack was detected, prompt action was taken to prevent the encryption of all of its systems and a third-party cybersecurity firm was engaged to conduct a forensic investigation to determine the nature and scope of the attack.

On October 14, 2021, the cybersecurity firm concluded its investigation and Suncoast conducted a preliminary review of its systems to determine if they contained any patient information. That process was completed on November 8, 2021, and a third-party vendor was engaged to review all affected files to determine the specific individuals whose information may have been compromised.

Suncoast has now confirmed that the following types of data were potentially viewed by the attackers: names, dates of birth, clinical information, doctor’s notes, and other limited treatment information. Suncoast said it is unaware of any attempted or actual misuse of patient data as a result of the security breach. Steps have been taken to prevent similar breaches in the future, including transferring all patient data to an encrypted system. Complimentary credit monitoring services have been offered to certain impacted individuals.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

South City Hospital Reports Theft of Backup Server Containing PHI of 21,601 Individuals

South City Hospital in St. Louis, MO – formerly St. Alexius Hospital – was the victim of a burglary on November 13th or 14th and thieves stole a backup imaging server from one of its practice locations.

A review of the server confirmed it contained protected health information of 21,601 individuals, including names, Social Security numbers, health insurance information, radiology imaging, and/or other related medical information.

In response to the break-in, the hospital has implemented additional security measures to prevent further exposures of patient data.

Colorado Department of Human Services Affected by Cyberattack on Business Associate

The Colorado Department of Human Services (CDHS) has notified 6,132 individuals that some of their protected health information has potentially been compromised in a cyberattack on one of its vendors – Sound Generations.

Sound Generations is a Seattle, WA-based provider of services for adults with disabilities and CDHS contracts with Sound Generations to store data for its evidence-based fall prevention program – A Matter of Balance. Sound Generations investigated the breach and while no evidence of data misuse has been identified, it was not possible to rule out unauthorized data access.

The types of information potentially compromised includes names, addresses, phone numbers, email addresses, dates of birth, and whether or not clients have health insurance.

PHI of 4,897 Individuals Potentially Compromised in Raveco Medical Hacking Incident

Raveco Medical, a women’s health clinic in New York City, has notified 4,897 patients that some of their protected health information was potentially accessed by unauthorized individuals.

A security breach was detected on November 22, 2021, and a third-party cybersecurity firm was engaged to investigate the breach. The investigation confirmed files had been copied from its systems that contained patients’ first and last names, dates of birth, medications, diagnoses, Social Security numbers, and/or payment card information.

Raveco Medical said it is working to improve data security to prevent further hacking incidents. Affected individuals have been provided with complimentary access to credit monitoring and identity theft resolution services through IDX.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.