Email Breach at Guam Seventh-Day Adventist Clinic Affects 56,000 Individuals
Email accounts have been compromised at Guam Seventh-Day Adventist Clinic and Mount Carmel Behavioral Health. The attack on Guam Seventh-Day Adventist Clinic involved the protected health information of 56,635 individuals and result in a breach of HIPAA email rules.
Guam Seventh-Day Adventist Clinic
Guam Seventh-Day Adventist Clinic in Tamuning, Guam, has recently notified 56,635 individuals about a breach of a limited number of employee email accounts. The email accounts were breached between January 23, 2023, and February 3, 2023. A breach notice was uploaded to its website to inform patients about the breach; however, notifications are only now being mailed due to the time taken to investigate the incident. On August 6, 2024, the clinic confirmed that personal and protected health information had been exposed and potentially acquired by unauthorized individuals, although no misuse of the affected information has been identified.
The types of data involved varied from individual to individual and may have included names along with one or more of the following: address, phone number, email address, date of birth, financial account information ( including account and routing number), payment card information, username and password, driver’s license number, government identification number, vehicle identification number, passport number, Social Security number, taxpayer ID number, mother’s maiden name, medical record number, patient ID account number, medical diagnosis and treatment information, and health insurance information.
Guam Seventh-Day Adventist Clinic has implemented additional cybersecurity safeguards, improved its cybersecurity policies, procedures, and protocols, and has enhanced its employee cybersecurity training program.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Mount Carmel Behavioral Health
Mount Carmel Behavioral Health in Columbus, OH, has discovered unauthorized access to an employee email account. The email account breach was identified on June 12, 2024, a day after the account was breached. Immediate action was taken to secure the account to prevent further unauthorized access, and a forensic investigation was conducted to determine the extent of the breach.
Third-party cybersecurity experts confirmed the email account was accessed by an unauthorized individual between June 11, 2024, and June 12, 2024. During that time, certain emails and attachments containing patient data were viewed and potentially copied. No other email accounts were compromised in the incident.
The review is ongoing, but it has been determined that the types of information involved included names, dates of birth, addresses, medical record numbers, patient account numbers, health insurance information, diagnoses and/or treatment information. A limited number of patients also had their Social Security numbers exposed.
Notification letters were mailed to the affected individuals between August 9, 2024, and August 30, 2024, and complimentary credit monitoring and identity protection services were offered to individuals whose Social Security numbers were exposed. On August 30, 2024, the breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 500 individuals.
