Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Cleveland, OH-based Parker-Hannifin Corporation, a manufacturer of motion and control technologies, has recently announced that unauthorized individuals have gained access to some of its IT systems and may have acquired files containing the sensitive information of current and former employees, their dependents, and other individuals affiliated with the company.

Suspicious activity was detected within its IT environment on March 14, 2022. The forensic investigation confirmed its systems were accessed by unauthorized individuals between March 11, 2022, and March 14, 2022. A comprehensive review of the affected files confirmed they contained information such as names, birth dates, addresses, Social Security numbers, driver’s license numbers, passport numbers, financial account information such as bank account and routing numbers, and online account usernames and passwords. Current and former members of the Parker Group Health Plan, or a health plan sponsored by an entity acquired by Parker, may also have had their enrollment information compromised, which includes health insurance plan member ID number and dates of coverage.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 119,513 group health plan members. Affected individuals have been notified and offered a complimentary 2-year membership to Experian’s IdentityWorks identity theft protection and resolution services.

Behavioral Health Partners of Metrowest Reports Data Theft Incident

Framingham, MA-based Behavioral Health Partners of Metrowest (BHPMW) has notified 11,288 individuals that some of their protected health information has been copied from its systems by an unauthorized individual. BHPMW learned of the data breach on October 1, 2022, with the forensic investigation confirming the unauthorized individual accessed its systems and removed data on September 14 and September 18, 2021.

The stolen data related to the Behavioral Health Community Partner Program which BHPMW operates under contract with MassHealth, in collaboration with the Advocates, Family Continuity, SMOC, Spectrum Health Systems, and Wayside Youth and Family Support provider agencies and included names, addresses, Social Security numbers, birth dates, client identification numbers, health insurance information, and medical diagnosis/treatment information. BHPMW is unaware of any attempted or actual misuse of the stolen information.

Notification letters were sent to affected individuals on May 11, 2022, and those individuals have been offered complimentary credit monitoring and identity protection services.

Vail Health Services Data Security Incident Affects 17,000 Patients

A data security incident at Vail Health in Colorado has resulted in the exposure and potential theft of the protected health information of 17,039 patients. Vail Health said it started experiencing disruption to its network systems and launched an investigation which revealed on April 5, 2022, that an unauthorized individual had gained access to its systems on February 11, 2022.

The compromised systems contained a small number of files that included information about individuals who received COVID-19 tests from Vail Health, such as names, birth dates, contact information, encounter numbers, and COVID-19 test results. No Financial information, health insurance information, or Social Security numbers were exposed or compromised.

The systems already had controls that restricted access to limited individuals. Additional security measures have now been implemented to further restrict access.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.