Kaiser Permanente, Soliant Health & Potomac Medical Aesthetics Report Email Breaches
Email-related HIPAA data breaches have been reported by Kaiser Permanente in California, Soliant Health in Georgia, and Potomac Medical Aesthetics in Maryland.
Kaiser Permanente
Kaiser Permanente has recently discovered unauthorized access to two employee email accounts. The account compromises were detected on September 3, 2024, and the accounts were immediately secured and passwords were reset. The investigation confirmed that the accounts contained the protected health information of patients and members in Southern California, including first and last names, dates of birth, medical record numbers, and medical information, but not Social Security numbers, financial information, or usernames/passwords.
While there are no indications that any of the exposed information has been misused, Kaiser Permanente has recommended that the affected individuals should monitor their accounts, explanation of benefits statements, and credit reports for signs of misuse of their personal information. Kaiser Permanente said it is taking steps to prevent similar incidents in the future, including strengthening internal practices and controls. The incident was reported to the HHS’ Office for Civil Rights as involving the protected health information of 44,600 individuals.
Soliant Health
Soliant Health has recently reported a data breach to the Maine Attorney General that involved the personal information of 13,818 individuals. Soliant Health is a Peachtree Corners, GA-based healthcare staffing company that provides medical staff to healthcare facilities across the United States. On June 25, 2024, suspicious activity was detected in an employee’s email account. Third-party cybersecurity experts were engaged to assist with the investigation and confirmed that an unauthorized third party had accessed the email account and may have acquired information in the account.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the account was completed on October 3, 2024, and confirmed that information such as names, Social Security numbers, driver’s license numbers, and government ID numbers had been exposed. Soliant Health has offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or driver’s license numbers were exposed.
Potomac Medical Aesthetics
Potomac Medical Aesthetics (PMA) in Maryland has recently reported an email-related data breach to the HHS’ Office for Civil Rights that affected 2,876 patients. An internal document containing patients’ names and email addresses was inadvertently emailed to other PMA patients as an attachment. The error was immediately identified and steps were taken to prevent further outbound email processing. A message recall notice was sent to patients requesting they promptly and permanently delete the email and confirm they had done so and not disclosed the list to anyone. PMA is unaware of any misuse of the disclosed information. Since email addresses were disclosed, the affected individuals should be vigilant against phishing and other scam emails.
