Grand River Medical Group Email Breach Impacts 34,000 Patients

Grand River Medical Group in Dubuque, OH has discovered an unauthorized individual gained access to the email account of an employee and may have viewed or obtained the protected health information of 34,000 patients.

Upon discovery of the breach, a password reset was performed to prevent any further unauthorized access and an internal investigation was launched to determine whether any other systems were breached. The Grand River Medical Group IT team confirmed that only one email account was compromised and no other systems were accessed.

Third-party breach response experts were engaged to conduct a forensic analysis to determine whether any patient information in the email account was viewed or exfiltrated. It was not possible to rule out data theft, although no evidence was found to indicate patient data was stolen in the attack.

The information in the email account varied from patient to patient and included one or more of the following types of protected health information in addition to patient names: Address, date of birth, patient’s balance and balance type, visit type, claim amount and status code, medications, and guarantor’s name. Some Social Security numbers were also exposed.

Notifications were sent to affected patients between February 8 and February 11, 2021. Affected individuals have been offered a complimentary 12-month membership to credit monitoring and identity theft recovery services through MyIDCare, which includes a $1,000,000 identity theft insurance policy.

PHI of 15,600 Patients Potentially Compromised in Granite Wellness Centers Ransomware Attack

Granite Wellness Centers in Northern California suffered a ransomware attack on January 5, 2021 in which patient information was encrypted. The attack was detected while it was in progress and systems were taken offline to prevent the exfiltration of data.

A ransom remand was issued, but no ransom was paid. Granite Wellness Centers was able to restore all encrypted files from backups. A review of the systems affected revealed they contained patient data such as names, dates of birth, dates of service, treatment and health information, treatment provider, and health insurer name.

Granite Wellness Centers has not received any reports that indicate patient information has been misused; however, affected individuals have been advised to monitor their accounts and explanation of benefits statements for suspicious activity. Additional safeguards are being implemented to prevent further cyberattacks and to secure data stored on its systems.

The PHI of up to 15,600 individuals was potentially compromised in the attack.

Texas Spine Consultants Security Breach Impacts 25,728 Patients

Texas Spine Consultants in Addison, TX has discovered a security incident which resulted in the inadvertent disclosure of the protected health information of 25,728 patients. The security incident occurred on December 2, 2020 and is still under investigation, but it does not appear that the disclosure was linked to hackers or criminal activity.

The information inadvertently disclosed was limited to patients’ names, dates of birth, and image scans. Texas Spine Consultants has notified affected individuals by mail and has provided information to help them protect themselves against fraudulent activity. Additional privacy and security measures have now been implemented to prevent further data breaches in the future.

Southern California Center for Anti-Aging Discovers Email Account Breach

The Southern California Center for Anti-Aging in Torrance, CA has discovered an unauthorized individual gained access to an employee’s email account and may have viewed or downloaded patient information.

The breach was detected on December 9, 2020 and access to the email account was immediately blocked. A review of the compromised account revealed it contained patient names along with limited clinical information about the care provided at the Southern California Center for Anti-Aging.

The Southern California Center for Anti-Aging has implemented additional security measures to prevent further breaches in the future and all affected individuals have been notified by mail.

PHI Potentially Obtained in Gastroenterology Consultants Hacking Incident

Gastroenterology Consultants in Reno, NV is notifying 2,500 patients about a data security incident that occurred on December 8, 2020. A hacker gained access to a server and potentially obtained files containing patient names, addresses, contact telephone numbers, and other personally identifiable information.

A forensic investigation was conducted by a third-party security firm and it appears that files were exfiltrated from the server. Additional cybersecurity measures have now been implemented to prevent further breaches in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.