HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hacking Incidents Reported by AccelHealth and Pace Center for Girls

Brownwood, Texas-based Cross Timbers Health Clinics, operating under the brand AccelHealth, suffered a ransomware attack on December 15, 2021, which prevented the Federally Qualified Health Center from accessing certain files and folders on its network. AccelHealth engaged third-party forensics specialists to investigate the security breach who determined unauthorized individuals first gained access to its network on December 9, 2021.

During the 6 days when network access was possible, the attackers may have viewed or acquired files containing patient information. A comprehensive review of all files on the compromised parts of the network revealed they contained the protected health information of 48,126 patients, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, health insurance information, medical record numbers, and treatment and diagnosis information.

No evidence was found of data exfiltration and, at the time of issuing notification letters, no reports had been received to suggest any actual or attempted misuse of patient data. AccellHealth said additional technical security measures are being implemented to prevent further cyber attacks and affected individuals have been offered complimentary credit monitoring services.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 48,126 individuals.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Pace Center for Girls Discovers 11-Month System Breach

Pace Center for Girls, a Jacksonville, FL-based 6-12 education program for at-risk teenage girls, has discovered certain infrastructure systems were accessed by unauthorized individuals who may have viewed or acquired the sensitive data of current and former students.

The security breach was detected in the week of December 13, 2021, and the subsequent investigation confirmed in January 2021 that parts of its IT infrastructure that contained sensitive information had been accessed by unauthorized individuals. The exposed data included students’ full names, addresses, phone numbers, dates of birth, Florida Department of Juvenile Justice identification numbers, enrollment data, behavioral health information, and parent/guardian names.

Pace Center for Girls said a third-party cybersecurity firm was hired to help secure its network and physical computer access and assess its data protection and gateway security systems. Additional security measures will be implemented, as appropriate, to better protect against unauthorized access. Affected individuals have been advised to place fraud alerts with Experian, Equifax, and TransUnion to identify any fraudulent use of their personal information. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 18,300 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.