More than 650K Patients of Community Medical Centers Notified About Hacking Incident

Share this article on:

The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers.

CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October 10, 2021, and shut down its systems to prevent further unauthorized access. An investigation was launched to determine the nature and scope of the breach, with assistance provided by third-party cybersecurity experts.

The forensic investigation confirmed that unauthorized individuals had gained access to parts of its network where protected health information was stored, including first and last names, mailing addresses, dates of birth, Social Security numbers, demographic information, and medical information.

Due to the sensitive nature of the exposed data, CMC is offering complimentary identity theft protection, identity theft resolution, and credit monitoring services to affected individuals. CMC said it has confirmed its systems are now secure, policies and procedures have been reviewed and updated to improve security, and data management policies have been reviewed and updated.

Law enforcement has been notified about the breach, as have appropriate state attorneys general and the Department of Health and Human Services.

The breach report submitted to the Maine attorney general indicates the protected health information of 656,047 individuals was potentially compromised.

Professional Healthcare Management Discloses Ransomware Attack

Memphis, TN-based Professional Healthcare Management (PMH) has started notifying certain patients that some of their protected health information has potentially been compromised in a September 2021 ransomware attack.

The attack was detected on September 14 and action was quickly taken to secure its servers and workstations. Assisted by third-party cybersecurity and incident response experts, PMH was able to quickly secure and restore its systems and operations. An investigation was conducted to determine the nature and scope of the breach which determined the personal and protected health information of patients may have been accessed and obtained by the attackers.

The breach investigation is ongoing but, at this stage, no evidence of data theft or misuse of patient data has been identified; however, notification letters are now being sent to affected individuals and the incident has been reported to the HHS’ Office for Civil Rights.

PMH said the following types of patient information were potentially compromised: first and last names, Social Security numbers, health insurance information (Medicaid number, Medicare number, and insurance identification number), prescription name(s), and diagnosis code(s).

Additional safeguards are being implemented to improve IT security, cybersecurity policies, protocols, and procedures are being updated, and additional cybersecurity training has been provided to the workforce.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On