HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

More than 650K Patients of Community Medical Centers Notified About Hacking Incident

The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers.

CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October 10, 2021, and shut down its systems to prevent further unauthorized access. An investigation was launched to determine the nature and scope of the breach, with assistance provided by third-party cybersecurity experts.

The forensic investigation confirmed that unauthorized individuals had gained access to parts of its network where protected health information was stored, including first and last names, mailing addresses, dates of birth, Social Security numbers, demographic information, and medical information.

Due to the sensitive nature of the exposed data, CMC is offering complimentary identity theft protection, identity theft resolution, and credit monitoring services to affected individuals. CMC said it has confirmed its systems are now secure, policies and procedures have been reviewed and updated to improve security, and data management policies have been reviewed and updated.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Law enforcement has been notified about the breach, as have appropriate state attorneys general and the Department of Health and Human Services.

The breach report submitted to the Maine attorney general indicates the protected health information of 656,047 individuals was potentially compromised.

Professional Healthcare Management Discloses Ransomware Attack

Memphis, TN-based Professional Healthcare Management (PMH) has started notifying certain patients that some of their protected health information has potentially been compromised in a September 2021 ransomware attack.

The attack was detected on September 14 and action was quickly taken to secure its servers and workstations. Assisted by third-party cybersecurity and incident response experts, PMH was able to quickly secure and restore its systems and operations. An investigation was conducted to determine the nature and scope of the breach which determined the personal and protected health information of patients may have been accessed and obtained by the attackers.

The breach investigation is ongoing but, at this stage, no evidence of data theft or misuse of patient data has been identified; however, notification letters are now being sent to affected individuals and the incident has been reported to the HHS’ Office for Civil Rights.

PMH said the following types of patient information were potentially compromised: first and last names, Social Security numbers, health insurance information (Medicaid number, Medicare number, and insurance identification number), prescription name(s), and diagnosis code(s).

Additional safeguards are being implemented to improve IT security, cybersecurity policies, protocols, and procedures are being updated, and additional cybersecurity training has been provided to the workforce.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.