DocGo Says Patient Data Stolen in Recent Cyberattack
DocGo, a provider of mobile medical services and transportation in 26 US states and the United Kingdom, has announced that it has fallen victim to a cyberattack in which patient data was stolen.
In a filing with the US Securities and Exchange Commission (SEC), DocGo explained that the attack targeted systems used to support its ambulance transportation business. The breach was rapidly contained, the threat actor has been removed from its systems, and a third-party cybersecurity company has been assisting with the investigation. The security breach was limited to DocGo’s ambulance transportation business and no other business lines were affected. DocGo said the incident has had no significant effect on its overall financial condition.
The attackers obtained a limited number of healthcare records of patients who used its ambulance service, and notifications are now starting to be sent to those individuals. DocGo has not publicly stated how many patients have been affected nor the types of data compromised in the incident. At this stage, no threat actors appear to have claimed responsibility for the attack.
Bridgeway Center Suffers Cyberattack
Bridgeway Center, Inc., a Florida-based provider of behavioral health services, has reported a breach to the Maine Attorney General involving the personal information of 65,386 individuals. The breach notification to the HHS’ Office for Civil Rights indicates the total includes the protected health information of 36,353 individuals. Suspicious activity was identified within its network on February 21, 2024, and a cybersecurity and incident response vendor was engaged to conduct a forensic investigation and determine the nature and scope of the intrusion. On March 18, 2024, the initial investigation into the breach concluded and determined that the compromised systems contained client and employee information. The data is now being reviewed to allow notifications to be mailed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Bridgeway Center has confirmed that the following types of client information were exposed: names, military identification numbers, student identification numbers, health insurance information, financial aid information, therapist/doctor notes, mental/physical conditions, diagnosis information, prescription information, medical procedure information, dates of service, dates of death, medical record numbers, Medicare/Medicaid ID numbers, sickness certificates, and medical billing information. For employees, the breached information includes names, dates of birth, Social Security numbers, driver’s license numbers/state-issued identification card numbers, and financial account numbers. Bridgeway Center said security measures have been enhanced to prevent similar incidents in the future and the affected individuals are being offered complimentary credit monitoring and identity theft protection services.
