Email Accounts Breached at DAP Health; Access TeleCare; Northwest Asthma and Allergy Center
Hackers have gained access to email accounts and potentially obtained the data of patients of DAP Health, Borrego Health, Access TeleCare, and Northwest Asthma and Allergy Center.
DAP Health and Borrego Health
DAP Health in Palm Springs, CA, and its Borrego Springs, CA-based subsidiary Borrego Health, have recently notified patients about a cybersecurity incident detected on or around July 22, 2024. An investigation was launched to determine the cause of suspicious activity in its email system, and it was confirmed that an unauthorized third party accessed and/or acquired sensitive data contained in emails and file attachments. The review of the affected email accounts was completed on November 26, 2024.
The information potentially stolen in the incident varied from individual to individual and may have included names, addresses, phone numbers, dates of birth, health insurance information, Social Security numbers, medical record numbers, passport numbers, Medicare/Medicaid numbers, patient IDs, medical treatment location, diagnoses, treatment and procedure information, medical histories, allergies, prescriptions, healthcare provider names, test results/images, vital signs information, birth certificate numbers, driver’s license numbers, financial information, user IDs and passwords, license plate/VIN vehicle IDs.
Affected individuals have been offered complimentary credit monitoring and identity protection services, and steps have been taken to strengthen security to prevent similar incidents in the future. The data breach has been reported to regulators; however, the breach is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Access TeleCare
Dallas, TX-based Access TeleCare, a provider of acute and specialty telemedicine care, has sent notification letters to patients affected by a security incident detected on January 8, 2024. Suspicious activity was identified in an employee’s email account and the forensic investigation revealed multiple email accounts had been accessed by an unauthorized third party between November 6, 2023, and January 8, 2024. During that time, emails and files in the compromised accounts may have been downloaded.
A comprehensive and time-consuming review was conducted to determine the individuals affected and the types of information involved. That process was completed by its third-party data review vendor on August 30, 2024. Individual notification letters were mailed to the affected individuals on December 23, 2024. The delay in mailing notification letters was due to the time taken to verify the information provided by its data vendor and obtain up-to-date address information.
The data potentially compromised varied from individual to individual and may have included names, dates of birth, medical record numbers, patient account numbers, patient identification numbers, medical and clinical information, and provider names and locations. TeleCare said it is unaware of any misuse of the affected data; however, it has offered the affected individuals 12 months of complimentary credit monitoring and identity theft protection services and has implemented additional security measures to prevent similar breaches in the future. Regulators have been notified; however, it is currently unclear how many individuals have been affected.
Northwest Asthma and Allergy Center
Northwest Asthma and Allergy Center, which operates 6 centers in Seattle, Everett, Issaquah, Redmond, Renton, and Richland in Washington, has notified around 1,000 patients that some of their protected health information was contained in an employee’s email account that was accessed by an unauthorized third party overnight on November 12, 2024. The unauthorized access was detected and terminated on November 13, 2024.
Electronic medical records were not accessed; however, the email account was found to contain patient referrals, patient registration forms, test results, authorization and consent forms, and prior treatment records. Northwest Asthma and Allergy Center believes the information exposed in the incident was limited to names, birthdates, social security numbers, insurance carriers, treatment dates, test results, treatment plans, and contact information. Northwest Asthma and Allergy Center said steps are being taken to prevent similar incidents in the future.
