Gastroenterology, Cardiology, and Nursing Care Providers Suffer Cyberattacks
Cyberattacks have recently been announced by Connecticut GI and Gastroenterology Associates of Fairfield, Cardiology Associates of Mobile, and Pavilion of Bridgeview.
Patient Data Stolen in Cyberattack on Connecticut GI & Gastroenterology Associates of Fairfield
Connecticut GI and Gastroenterology Associates of Fairfield have recently confirmed that the protected health information of 10,568 patients was stolen in a security breach in June 2024. The clinics learned on June 19, 2024, that an unauthorized individual had accessed servers between June 5 and June 7, 2024, and copied data.
Action was immediately taken to prevent any further unauthorized access to the servers, and a review of the affected data was initiated, which confirmed that names and financial account information had been stolen. Notification letters were mailed to the affected individuals on or around November 26, 2024, and complimentary credit monitoring services have been made available. The clinics are reviewing information security measures and are working to implement additional technical safeguards.
Cardiology Associates of Mobile
Cardiology Associates of Mobile, a physician group serving patients in Alabama and Mississippi, has notified 1,514 patients about an October 2024 security incident. On or around October 22, 2024, an unauthorized third party attempted to access its computer network. Assisted by third-party IT security and forensic investigators, Cardiology Associates confirmed that there had been unauthorized access to parts of its network that contained patient information, although no specific evidence was found to indicate any patient data was accessed for misuse or has been publicly released. As of December 3, 2024, no reports of misuse of patient data had been received.
The types of information involved varied from individual to individual and may have included names, birth dates, passport numbers, driver’s license numbers, and Social Security numbers. Cardiology Associates of Mobile said, “Rest assured, we have taken all available steps to prevent further access to your personal data and do not anticipate that any of your information related to this incident will be publicly released or misused.”
Additional safeguards and enhanced security measures are being implemented to prevent similar incidents in the future and policies and procedures are being reviewed, including those related to life cycle management. The affected individuals have been offered complimentary access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services.
Pavilion of Bridgeview
Pavilion of Bridgeview, a nursing home in Bridgeview, Illinois, was notified on September 26, 2024, that its electronic health record (EHR) platform provider, PointClickCare, had experienced a data security incident that involved unauthorized access to patient records. The EHR provider discovered unauthorized access to its platform on July 20, 2024. The investigation confirmed that an unauthorized third party used compromised end-user credentials to access, view, and acquire the information of Pavilion of Bridgeview patients. The records accessed included names, birth dates, Medicare/Medicaid numbers, Social Security numbers, diagnosis and treatment information, admission and discharge dates, prescription information, and health insurance policy numbers.
When the breach was discovered, PointClickCare deactivated the compromised credentials, forced a password change, and increased password complexity requirements. As a precaution, Pavilion of Bridgeview also implemented additional security measures. The 1,407 affected individuals have been notified by mail, and complimentary credit monitoring and identity protection services have been offered.


