NorthWest Congenital Heart Care Reports Theft of Device Containing PHI of 1,166 Patients
Washington-based NorthWest Congenital Heart Care is alerting 1,166 patients that some of their protected health information has been acquired by an unauthorized individual. On May 7, 2021, an unauthorized third party entered the office of a single NWCHC physician and stole an external hard drive that was used for data backups. The theft was reported to law enforcement, but the hard drive has not been recovered.
A review of the data backups revealed they contained patient information such as names, dates of birth, ages, medical and treatment information, dates of service, location of service, physician names, services requested, procedures performed, diagnosis codes, diagnosis and treatment descriptions, medical record numbers and, for one individual, health insurance information.
To reduce the risk of future data breaches, NorthWest Congenital Heart Care will be eliminating the use of external hard drives for data backups.
Superior HealthPlan Members Affected by Accellion Data Breach
2,781 members of Superior HealthPlan in Texas have been notified that some of their protected health information was compromised in the cyberattack on Accellion. The attack affected the Accellion file transfer appliance, which was used for sending files too large to be sent via email.
Get The Checklist
Free and Immediate Download
HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
The attackers had access to the platform between January 7 and January 20, 2021. On April 2, 2021, Superior HealthPlan discovered the attackers were able to access and download files containing names, addresses, dates of birth, insurance ID numbers, and health information such as medical condition and treatment information.
All affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. Accellion’s services are no longer being used, all data has been removed from Accellion’s systems, and file transfer processes and tools have been reviewed and are being updated to prevent similar breaches in the future.