HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Michigan Law Firm and Medical Imaging Companies Confirm Breaches of Patient Information

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021. The substitute breach notification does not state when, and for how long, unauthorized individuals had access to its systems.

A digital forensics firm was engaged to investigate the nature and scope of the data breach and a programmatic and manual review was conducted on files on the affected parts of its network. The review confirmed that the files contained information such as names, dates of birth, Social Security numbers, driver’s license numbers, government-issued IDs, annual compensation amounts, benefit contribution information, credit card or debit card numbers, credit card or debit card PINs, financial account or routing numbers, passport numbers, patient account numbers, health information, and life insurance policy information.

Notification letters were sent to affected individuals in August and information was provided on the steps that individuals can take to reduce the risk of identity theft and fraud, but it would appear that credit monitoring and identity theft protection services are not being offered. The law firm said it will be taking steps to improve security to prevent further data breaches.

Medical Imaging Companies Confirms Breach of PHI

Gateway Diagnostic Imaging, which operates 12 medical imaging facilities in North Texas, and the Tucson, AZ-based medical imaging company, Radiology Ltd, have recently started notifying certain patients about a breach of systems that contained patient information. The data breach was detected on December 24, 2021, with the forensic investigation confirming that unauthorized individuals had access to its systems between December 17 and December 24, 2021.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The files on the affected systems contained information such as names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, physician names, dates of service, and information related to the radiology services provided.

As a precaution against identity theft and fraud, affected individuals have been offered a complimentary 12-month membership to the Equifax Credit Watch Gold credit monitoring and identity theft protection service. Gateway Diagnostic Imaging and Radiology Ltd. said additional safeguards are being implemented to prevent further security breaches, and enhancements have been made to its monitoring capabilities.

The breach has yet to appear on the HHS’ Office for Civil Rights Breach portal so it is currently unclear how many individuals have been affected.

Health Insurers Confirm Members’ PHI was Compromised in OneTouchPoint Data Breach

Over the past few weeks, several health plans have confirmed that their members’ protected health information was compromised in a ransomware attack on the printing and mailing vendor OneTouchPoint. OneTouchPoint recently confirmed to the Maine Attorney General that the PHI of 2.65 million individuals was compromised in the attack. Initially, the breach was reported to the Maine Attorney General as affecting around 1.1 million individuals.

Arkansas Blue Cross and Blue Shield recently notified the HHS’ Office for Civil Rights that the PHI of 8,871 of its members was compromised in the attack, and Medical Mutual of Ohio has reported the breach as affecting 1,377 of its members.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.