Email Account Breaches Reported by A2Z Diagnostics and Vision for Hope

The New Jersey specialist diagnostic testing laboratory A2Z Diagnostics has started notifying patients that some of their protected health information was contained in employee email accounts that were accessed by unauthorized individuals.

Upon discovery of the breach, email accounts were immediately secured and third-party cybersecurity consultants were engaged to investigate the breach and determine whether any emails or attachments had been accessed or obtained in the attack. A2Z Diagnostics learned on June 28, 2021 that the compromised accounts were breached between February 2, 2021 and April 2, 2021, and some of the accounts contained the personal and protected health information of individuals who had tests performed at its laboratory; however, no evidence was found that suggested any emails had actually been viewed or stolen in the attack.

The types of information in the accounts varied from individual to individual and may have included full names in combination with one or more of the following types of information:  Social Security number, date of birth, driver’s license or state identification number, medical diagnosis or clinical information, treatment type or location, doctor name, health insurance information and/or medical procedure information. A2Z said only a limited number of individuals who received testing services were affected.

Notification letters started to be sent to affected individuals on July 28. Credit monitoring services have been offered to the small number of individuals whose Social Security number was exposed.

A2Z said it has undertaken significant measures to improve its technical safeguards to minimize the risk of a similar incident in the future, including enhancing its multi-factor authentication software.

Vision for Hope Discovers Breach of Employee Email Account

The animal-assisted therapy charity Vision for Hope has discovered an unauthorized individual has gained access to the email account of one of its employees and potentially viewed or obtained the protected health information of some of its patients.

Upon discovery of the breach, an investigation was launched to determine the nature and scope of the cyberattack, which revealed the email account was compromised between February 14 and April 2, 2021. A comprehensive review of all emails in the account was completed on June 2, 2021, when it was confirmed that the following types of protected health information were potentially accessed: Name, date of birth, Social Security number, driver’s license number, financial account number, medical treatment or diagnosis information, and/or medical insurance information. The types of information exposed varied from individual to individual.

Vision for Hope said it has no reason to believe any information in the account has been misused for the purpose of committing fraud or identity theft. On August 3, 2021, Vision for Hope started sending notification letters to affected individuals and has offered complimentary credit monitoring and identity theft protection services to all individuals whose Social Security number and/or driver’s license number were potentially accessed.

Information security procedures are now being reinforced with its employees and changes are being made to reduce the likelihood of further breaches occurring.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.