Lexington Medical Center and CalViva Health Affected by Third-Party Data Breaches

Share this article on:

Wake Forest Baptist Health has announced an unauthorized individual gained access to the systems of one of its technology vendors between October 16 and October 28, 2020 and potentially viewed or acquired files containing the protected health information of certain patients of Lexington Medical Center in North Carolina.

The breach occurred at Healthgrades Operating Co. Inc., which provided the hospital with patient and community education on health matters and medical services. The exact nature of the breach was not disclosed.

No reports have been received to date to indicate any information was stolen and misused. The types of PHI potentially accessed includes names, addresses, dates of birth, contact information, demographic information, medical treatment information, and Social Security numbers. The files contained PHI dated from mid-2010 to mid-2011.

All individuals whose PHI was potentially compromised in the attack were notified by mail on March 26, 2021 and have been offered complimentary credit monitoring and identity theft protection services.

It is currently unclear how many Lexington Medical Center patients have been affected. Healthgrades Operating Co. reported the breach to the HHS’ Office for Civil Rights as affecting 35,485 individuals in total.

CalViva Health Members Affected by Accellion Ransomware Attack

The protected health information of certain members of Fresno, CA-based CalViva Health has been compromised in a cyberattack at a third-party vendor. The individuals behind the attack may have accessed or downloaded sensitive files, although there are no indications at this stage that any sensitive information has been misused.

The vendor was Health Net Community Solutions, and its file transfer solution was provided by Accellion, which suffered a ransomware attack in which customers’ files were stolen. The attackers had access to data in the solution from January 7 to January 25, 2021.

As is common in manual ransomware attacks, the attackers released a sample of the stolen data on its leak site to encourage payment of the ransom. It is unclear if any of that information relates to CalViva Health members.

Health Net has since removed all files relating to CalViva members from the Accellion file transfer system and has now stopped using Accellion’s file transfer services.

CalViva Health has advised all affected members to monitor their statements and explanation of benefits statements for signs of fraudulent activity. As a precaution against identity theft and fraud, all affected individuals have been offered a membership to credit monitoring and identity theft services for one year at no cost.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On