HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Dynasplint Systems Data Breach Impacts Almost 103,000 Individuals

Severna Park, MD-based Dynasplint Systems, a manufacturer of proprietary stretching devices to improve joint motion, has experienced a cyberattack in which personal and protected health information may have been accessed or stolen.

The security breach occurred on May 16, 2020 and prevented employees from accessing computer systems. In a letter to the Iowa Attorney General, a lawyer representing Dynasplint explained that the company had suffered “an encryption attack” which prevented employees from accessing computer systems.

Assisted by a digital forensics firm, Dynasplint Systems determined on June 4, 2020 that information such as names, addresses, dates of birth, Social Security numbers, and medical information may have been accessed and acquired by the attackers. The cyberattack was reported to the FBI and Dynasplint Systems is cooperating with the investigation to hold the individuals responsible accountable.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 102,800 individuals were potentially affected by the attack. Those individuals started to be notified about the breach on August 7, 2020 and have been offered complimentary identity monitoring and recovery services for 12 months through Kroll. While customer information may have been compromised, no evidence has been found to suggest that customer data has been misused.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Dynasplint is working with leading cybersecurity experts to enhance the security of its computer systems to prevent further cyberattacks in the future.

Texas Medical Clinical Research Organization Suffers Phishing Attack

Pinnacle Clinical Research, a San Antonio, TX-based medical clinical research organization that runs hepatological and gastroenterological clinical trials in San Antonio and Austin, TX has announced it has suffered a phishing attack.

The email account breach was detected in April 2020. Assisted by independent IT security and forensic investigators, Pinnacle Clinical Research determined on or around May 8, 2020 that the compromised email account contained the sensitive information of clinical trial participants.

The breach was limited to a single email account which was found to contain information such as names, mailing addresses, telephone numbers, medical histories, and treatment information. A subset of affected individuals may also have had one or more of the following data elements exposed: Date of birth, Social Security number, driver’s license number, state ID number, taxpayer ID number, passport number, credit card/financial account number, associated PIN or password, email address, and/or health insurance individual policy number.

The compromised email account was immediately secured when the breach was discovered and steps have since been taken to improve the privacy and security of information stored in its systems. Affected individuals have been offered complimentary identity theft protection and credit monitoring services for 12 months.

Phishing Attack Reported by the Institute for Integrative Nutrition

The Institute for Integrative Nutrition in New York City has discovered personal information has potentially been compromised in a March 2020 phishing attack. The email account breach was detected on June 22, 2020. The investigation revealed a single email account was accessed by an unauthorized individual between March 3-4, 2020.

Third party cybersecurity professionals assisted with an extensive forensic investigation and the manual document review confirmed that names and personal information, including Social Security numbers, had potentially been accessed, although no evidence was found suggesting data were stolen in the attack.

Out of an abundance of caution, affected individuals have been offered complimentary identity theft protection services and “significant measures” have been implemented to prevent further breaches in the future.

PHI Potentially Compromised in Phishing Attack on Colorado Mental Health Center

Lafayette, CO-based Mental Health Center of Boulder County Inc., aka Mental Health Partners, experienced a phishing attack in late March in which employee information and the protected health information of some of its clients were potentially compromised.

Assisted by forensic investigators, Mental Health Partners determined on July 22, 2020 that the following information may have been subjected to unauthorized access or could have been stolen in the attack: names; dates of birth; Social Security numbers; driver’s license or state identification card numbers; passport numbers; financial account information; medical record numbers; medical treatment information, including symptom, diagnosis, treatment, medication, and doctor information; and/or health insurance information.

Affected individuals have been offered complimentary credit monitoring services. No evidence was found to indicate data were stolen or misused. Mental Health Partners has reviewed its internal policies and procedures following the attack and additional safeguards are being implemented to enhance digital security.

Boxes of Medical Records Found at Texas Recycling Center

More than 2 dozen boxes of old medical records have been found at an Odessa, TX recycling center. The records appear to have come from West Texas Orthopedics, which is part of Midland Health. It is not known how the records came to be at the recycling center and why they were not disposed of securely in accordance with HIPAA Rules.

“We have a team on-site at Odessa Recycling Center. They have looked through all records and determined that they do not belong to us. The name West Texas Orthopedics has been used by other entities in the past, but these records predate our ownership,” said Midland Health in a statement issued about the breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.