177,000 Patients Affected by Breach at Northeast Orthopedics and Sports Medicine
Data breaches have recently been reported by Northeast Orthopedics and Sports Medicine, NewGen Administrative Services, Orlando VA Medical Center, Orthopedic Associates of Flower Mound, and Kids Care Dental & Orthodontics.
Northeast Orthopedics and Sports Medicine, New York
Northeast Orthopedics and Sports Medicine in Nanuet, NY, has recently announced that it fell victim to a cyberattack that has affected 177,276 individuals and exposed the protected health information of 177,101 patients. Unusual activity was identified in its network on November 22, 2023. Third-party forensics specialists were engaged to assist with the investigation, and on December 22, 2023, confirmed that there had been unauthorized access to data on its network. The review of the affected files confirmed they contained names, Social Security numbers, driver’s license information, payment information, dates of birth, medical record information, health insurance information, and treatment and diagnosis information. Northeast Orthopedics and Sports Medicine has implemented additional safeguards to prevent similar incidents in the future and is reviewing its policies and procedures related to data protection. Individual notifications were mailed on February 9, 2024.
NewGen Administrative Services, California
Bold Quail Holdings, LLC, which does business as NewGen Administrative Services, has recently confirmed that the protected health information of 105,425 individuals has been exposed. Unauthorized activity was detected on its servers on September 13, 2023, and there may have been unauthorized access to protected health information. The file review confirmed they contained names, addresses, diagnosis/conditions, lab results, medications, other treatment information, dates of birth, driver’s license and/or state identification numbers, Social Security numbers or other identifiers, claims information, credit card numbers, bank account numbers, and other financial information. The types of information exposed varied from individual to individual. The affected individuals were notified on February 23, 2024, and have been offered complimentary credit monitoring services for 12 months.
Orlando VA Medical Center, Florida
Orlando VA Medical Center in Florida has discovered a HIPAA breach involving the protected health information of 10,059 veterans. A former Orlando VA employee was discovered to have emailed documents from their work email account to their personal email account on the employee’s last day of work. The HIPAA violation was detected on January 16, and the VA said no evidence was found to indicate the documents were disclosed to any other individuals. The documents contained names, addresses, phone numbers, email addresses, and for some individuals, dates of birth and partial or complete Social Security numbers. Complimentary credit monitoring services have been offered to the 209 veterans whose Social Security numbers were in the documents.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Orthopedic Associates of Flower Mound, Texas
Orthopedic Associates of Flower Mound in Texas is notifying current and former patients about a breach of its email system. The email breach was identified on or around September 8, 2023, and steps were immediately taken to prevent further unauthorized access. The forensic investigation confirmed there had been unauthorized access to a physician’s email account between July 7, 2023, and September 7, 2023. During that time, emails containing patients’ protected health information may have been viewed or copied. The review of the email account was completed on January 8, 2024, and notification letters were sent to the affected individuals on March 6, 2024. The information exposed in the incident included names, Social Security numbers, financial account and/or payment card numbers, and medical information. The HHS’ Office for Civil Rights website indicates 1,759 individuals have been affected.
Kids Care Dental & Orthodontics, California
CDC Dental Management, Co., which does business as Kids Care Dental & Orthodontics in Northern California, experienced a cyberattack on June 17, 2023, that disrupted access to some of its systems. The forensic investigation confirmed that a threat actor first accessed its systems on June 15, 2023, and removed files from its systems. Third-party specialists were engaged to review the files to determine the types of data involved, and that process was completed on February 29, 2024. Individual notifications have now been mailed to the affected individuals and complimentary credit monitoring and identity protection services have been made available. The incident has been reported to regulators, but it is not currently clear how many individuals have been affected or the types of data involved. The specific data involved is detailed in the individual notifications that have been mailed to the affected individuals.
