HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

K and B Surgical Center & Healthpointe Medical Group Notify Patients About Hacking Incidents

K and B Surgical Center in Beverley Hills, CA has discovered an unauthorized individual gained access to its computer network. The security breach was detected on March 30, 2021, with the third-party forensic investigation confirming its network was compromised between March 25 and March 30.

Upon discovery of the breach, steps were taken to prevent further unauthorized access and an investigation was launched to determine the extent of the breach. The investigation concluded on April 27, 2021 that the attacker gained access to parts of the network that contained the protected health information of patients.

Data mining was performed on the affected servers to determine which types on information had been exposed and the patients that had been affected. K and B Surgical Center said in its September 3, 2021 breach notification letters that it took until July 27 to obtain a finalized list of affected patients.

The types of information potentially accessed and/or exfiltrated included the following data elements: Names, addresses, phone numbers, driver’s license numbers, diagnoses, treatment and prescription information, provider names, patient IDs, Medicare/Medicaid numbers, lab test results, health insurance information, and treatment cost information. At the time of issuing notification letters, no reports had been received of any cases of actual or attempted misuse of patient data as a result of the security breach.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

In total, notification letters have been sent to 14,772 individuals. K and B Surgical Center has offered 12 months of complimentary credit monitoring and identity theft restoration services to affected individuals as a precaution against identity theft and fraud.

Following the security breach, passwords were changed for all user accounts, VPN connections, and email accounts and new anti-virus security systems and threat monitoring programs were installed on all computers. The workforce has been retrained on security, its Security Rule risk analysis has been updated, and periodic security audits will be conducted to identify potential vulnerabilities.

Healthpointe Medical Group Notifies Patients About Hacking Incident

Healthpointe Medical Group in Portland, OR has notified certain patients about a hacking incident and the exposure of their protected health information.

Healthpointe discovered suspicious activity on certain servers on or around June 9, 2021. Steps were promptly taken to secure its IT systems and a leading computer forensics firm was engaged to investigate the nature and scope of the breach. On or around July 7, 2021, the investigation confirmed the attacker had gained access to files or folders that contained patient data. A review of those files and folders was completed on July 27 and confirmed they contained names, addresses, and Social Security numbers. Notification letters started to be sent to affected individuals in late August.

Healthpointe has performed a company-wide password reset, updated its firewalls, expanded the use of multi-factor authentication, and took other steps to enhance its security protocols. Affected individuals have been told they can avail of 12 months of identity theft protection services through IDX at no cost and will be protected by a $1 million identity theft insurance policy.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.