Healthcare Data Breaches Reported in New York, Florida, & Arkansas
Data breaches have recently been reported by Advanced Recovery Equipment & Supplies in New York, We Level Up Treatment in Florida, and Arkansas Blue Cross and Blue Shield.
Advanced Recovery Equipment & Supplies, New York
Advanced Recovery Equipment & Supplies, a New York-based supplier of medical recovery products, has identified a breach of its network and the theft of files containing customer data. The forensic investigation confirmed that an unauthorized third party accessed its network between June 27, 2023, and July 28, 2023, and removed files from the network.
Assisted by third-party specialists, Advanced Recovery Equipment & Supplies conducted a comprehensive review of the affected files, which concluded on September 29, 2024. The files exfiltrated from its network included the protected health information of 56,000 individuals. Data compromised in the incident included names along with one or more of the following: Social Security number, date of birth, driver’s license number/state identification number, credit or debit card information, username and password, medical information, and/or health insurance policy information.
Individuals affected by the incident were notified by mail on October 18, 2024. At the time of issuing notifications, no reports had been received to indicate any misuse of the affected data; however, as a precaution, individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. Advanced Recovery Equipment & Supplies said it is evaluating its security measures and will enhance them to prevent similar breaches in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Holistix Treatment Center (We Level Up Treatment Lake Worth), Florida
Holistix Treatment Center, doing business as We Level Up Treatment Lake Worth in Florida, a health network specializing in behavioral healthcare management, experienced a network security incident on or around July 26, 2024. Steps were immediately taken to prevent further unauthorized access and independent IT security and forensic investigators were engaged to determine the scope and extent of the incident.
The information exposed and potentially stolen in the incident included first and last names, mailing addresses, Social Security numbers, and protected health information. At the time of issuing notifications, no reports had been received to indicate any misuse of that data. The 6,567 affected individuals have now been notified by mail and complimentary credit monitoring and identity theft protection services have been offered to the affected individuals, and additional safeguards have been implemented to prevent similar incidents in the future.
Arkansas Blue Cross and Blue Shield
Arkansas Blue Cross and Blue Shield has alerted certain members about a data breach involving a vendor (Healthmine) that manages its Blue Wellness Rewards program portal. On August 26, 2024, Healthmine discovered unauthorized access to the portal by an individual who illegally redeemed digital gift cards. While that appeared to be the sole aim of the attack, the hacker also had access to members’ data, including names, addresses, email addresses, dates of birth, and prescription histories.
When the breach was discovered, Healthmine disabled the affected Rewards accounts and blocked the Internet domains associated with the unauthorized access. Due to the exposure of sensitive data, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. The breach has recently been reported to the HHS’ Office for Civil Rights as affecting 633 members.
