New Jersey Oral & Maxillofacial Surgery Notifies 74,400 Patients About PHI Exposure
New Jersey Oral & Maxillofacial Surgery has confirmed that the PHI of 74,413 individuals has been exposed in a cyberattack. The Kansas Fire Department is investigating a security incident and has confirmed that sensitive data was exfiltrated from its network.
New Jersey Oral & Maxillofacial Surgery Notifies Patients About April 2024 Cyberattack
New Jersey Oral & Maxillofacial Surgery has notified 74,413 patients that some of their protected health information has been stolen in a cyberattack. A security incident was detected on May 14, 2024, and the investigation confirmed that there had been unauthorized access to its computer systems starting on or around April 19, 2024. The practice immediately initiated its incident response procedures and worked quickly to secure its systems to prevent further unauthorized access.
The investigation confirmed that an unauthorized third party accessed the network and acquired certain files from its computer systems. The review of the exposed files confirmed that they contained patient information including names, addresses, dates of birth, other demographic and contact information, Social Security numbers, driver’s license numbers, state ID numbers, insurance information, financial account information, and diagnosis and treatment information.
No evidence has been found to indicate there has been any actual or attempted misuse of the stolen data; however, the practice has warned patients to be alert to the risk of identity theft and fraud and to monitor their accounts and free credit reports for suspicious activity. As a precautionary measure, the practice has offered the affected individuals credit monitoring and identity theft protection services at no cost.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Kansas Fire Department Warns of Cyberattack Involving Data Theft
The Unified Government of Wyandotte County and Kansas City, Kansas Fire Department, has issued a preliminary notice about a cybersecurity event that was detected on May 21, 2024. Immediate action was taken to contain the attack and restore access to its systems to allow the fire department to continue to serve the community. An investigation was launched to determine the nature and scope of the unauthorized activity, which confirmed that an unauthorized third party had accessed the network and exfiltrated certain files from its computer systems.
The preliminary findings of the investigation revealed the information in the files included names and other information related to the EMS department, including EMS medical records. The investigation is ongoing, and the review of the affected files is underway, but it is not yet possible to confirm the exact number of affected individuals nor the specific information that has been exposed or stolen. Once the review has been completed and contact information has been verified, notifications will be mailed to the affected individuals.
The fire department said it is reviewing its security policies and procedures and will be implementing additional security measures to reduce the risk of similar events in the future. To meet the breach reporting requirements of the HIPAA Breach Notification Rule, the data breach has been reported to the HHS’ Office for Civil Rights as affecting at least 501 individuals. The total will be updated when the review has been completed.
