OrthoConnecticut Data Breach Affects 118,000 Patients
OrthoConnecticut has confirmed that the protected health information of more than 118,000 patients has been exposed in a cyberattack. Data breaches have also been reported by Green Diamond Resource Company and Empath Health.
OrthoConnecticut
OrthoConnecticut, a Danbury, CT-based multi-specialty orthopedic practice with 9 locations in Connecticut, recently identified unauthorized access to its network. The forensic investigation confirmed that an unauthorized third party had access to its network between November 24, 2023, and November 28, 2023, and during that time, may have removed files from the network that contained patients’ protected health information.
OrthoConnecticut conducted a comprehensive review of all files on the network to determine which patients were affected, and it was confirmed on March 27, 2024, that the protected health information of 118,141 patients had been exposed. The types of information involved varied from patient to patient and may have included full names in combination with one or more of the following: Social Security number, date of birth, and medical information such as patient account number, doctor’s name, lab test details, and patient history. OrthoConnecticut said it had taken many precautions before the incident to protect patient data, including continually monitoring and modifying its practices and internal controls, and will continue to do so.
Green Diamond Resource Company
Green Diamond Resource Company, a Washington-based forest products company, has recently reported a data breach to the HHS’ Office for Civil Rights that involved the protected health information of 8,172 individuals. On or around June 27, 2023, suspicious activity was identified in its network, and, aided by third-party cybersecurity experts, it was determined that there had been unauthorized access to its network between June 26, 2023, and June 27, 2023. The review of the affected files was completed on February 23, 2024. While no evidence was found to indicate any access to or theft of sensitive data, the following information had been exposed: names, dates of birth, medical information, health insurance information, Social Security numbers, financial account information, driver’s license numbers/state identification numbers, government-issued identification numbers, passport numbers, and full access credentials. Green Diamond Resource Company has reviewed its policies and procedures related to privacy and security and has implemented additional safeguards to prevent similar breaches in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Empath Health
Empath-Stratum Inc., which does business as Empath Health in Florida, has recently announced that the protected health information of 5,545 patients has been exposed in a recent security breach. The non-profit organization identified unauthorized access to its internal network on February 27, 2024. Action was immediately taken to secure its network and an investigation was launched to determine the nature and scope of the breach. The investigation revealed an unauthorized third party had accessed accounts between February 26 and February 27, 2024, and one account was found to have been accessed between December 5 and December 6, 2023.
The review of the affected accounts confirmed that they contained patient information. The types of data in the accounts varied from patient to patient and included names, dates of birth, patient identifiers, treatment information, and certain care costs. No reports have been received of any cases of actual or attempted identity theft and fraud at the time of issuing notifications. Empath Health said additional technical security measures have been implemented, and policies, practices, and staff training are being reviewed to prevent similar incidents in the future.
