PHI of 26,600 Individuals Potentially Copied in Colorado Retina Associates Phishing Attack

On January 12, 2021, Denver-based Colorado Retina Associates discovered the email account of one of its employees had been accessed by an unauthorized individual who used it to send phishing emails to individuals in the employee’s contact list. The email account was immediately secured and a cybersecurity firm was engaged to investigate the incident to determine the extent of the breach.

That investigation concluded on February 24, 2021 and revealed other email accounts had also been compromised, two of which contained patients’ protected health information. The nature of the attack meant that mailbox synching may have occurred between January 6, 2021 and January 17, 2021, in which case the contents of the email accounts may have been copied to the attacker’s device.

A comprehensive review of the email accounts was performed, which revealed the protected health information of 26,609 individuals was stored in the accounts. The types of PHI varied from individual to individual and may have included full names, dates of birth, home addresses, phone numbers, email addresses, dates of service, diagnoses and conditions, labs and diagnostic studies, medications, other treatment or procedure information, and certain health insurance, claims, billing, and payment information.

Fewer than 3% of affected individuals had their Social Security number exposed, and fewer than 0.2% of individuals had their driver’s license, financial account, or payment card information exposed.

A password reset was performed across the entire email system and changes have been made to how authorized individuals access email accounts. Security awareness has also been reinforced across the entire workforce.

Affected individuals have now been notified and have been offered 12 months of identity theft protection services.

Walmart Discovers PHI of 2,067 Customers Potentially Compromised in Vendor Breach

On February 16, 2021, Walmart was notified by one of its suppliers about a security incident that may have involved the protected health information of Walmart customers.

The supplier used a data hosting service which was compromised on January 20, 2021. The attackers stole records related to 2,067 Walmart pharmacy customers which included information such as names, dates of birth, addresses, telephone numbers, medication information, prescription numbers, prescriber information, prescription dates, and a very small number of health insurance subscriber ID numbers.

The supplier said it immediately stopped using the data hosting service once it became aware of the breach. Walmart said it is reviewing the security practices of its supplier and will be monitoring the circumstances surrounding the data security event.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.