The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI of Almost 75,000 Individuals Exposed in Email Incident at AmeriBen

Posted By on Sep 19, 2023

IEC Group, Inc., doing business as AmeriBen, a medical benefits administration services provider, has recently reported an email-related data breach to the HHS’ Office for Civil Rights that affected up to 74,884 individuals. The incident was reported as an unauthorized access/disclosure incident. It is unclear from the breach notice whether the incident involved an unauthorized third party or an insider.

AmeriBen said it has no reason to believe that any of the exposed information will be misused but has advised the affected individuals to monitor their Explanation of Benefits statements as a precaution. The email account contained protected health information such as employees’ first and last names, claimants first and last names, case numbers, employer CERT codes, provider name, provider city, claim number, date(s) of service, internal INEL codes, and amounts billed and paid.

Sanford Health Affected by Cyberattack on Imaging Vendor

Sanford Health has recently alerted certain patients that some of their protected health information was exposed in a security incident at its imaging vendor, DMS Health Technologies. DMS Health Technologies identified suspicious activity in its computer systems on April 23, 2023. The forensic investigation confirmed that unauthorized individuals had access to its network between March 27 and April 24, 2023, and during that time, sensitive client data was exposed. Sanford Health said the exposed information was limited to names, birth dates, dates of service, physician names, and exam types. 21,211 Sanford Health patients have been affected.

Delta Dental of California Affected by Ransomware Attack on Law Firm

The protected health information of Delta Dental of California patients was exposed in a cyberattack on its legal counsel, Orrick, Herrington & Sutcliffe. An unauthorized third party accessed the law firm’s network between February 28 and March 13, 2023, where files were stored that contained personal and protected health information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The information potentially compromised includes names, addresses, dates of birth, dental insurance policies, healthcare provider information, and limited dental diagnoses and treatment-related information. Orrick, Herrington & Sutcliffe notified the affected individuals by mail and offered 2 years of complimentary credit monitoring services.

The incident is currently showing on the Office for Civil Rights website as affecting at least 500 individuals. A lawsuit has recently been filed over this data breach which claims the PHI of 152,818 individuals was compromised in the incident. The lawsuit claims it was a ransomware attack.

SightPath Medical Reports Hacking Incident Affecting Sutter North Surgery Center Patients

SightPath Medical, a Minneapolis, MN-based provider of specialized laser and cataract equipment, has confirmed that an unauthorized third party gained access to its internal IT systems and viewed certain files that contained the sensitive information of patients of Sutter North Surgery Center in Yuba City, CA.

The breach was detected on February 9, 2023, and the forensic investigation revealed its systems were first accessed on February 2, 2023. SightPath Medical reviewed all files potentially accessed and determined on June 14, 2023, that protected health information had been exposed. Up-to-date contact information then needed to be obtained to allow notification letters to be sent. SightPath Medical said it has implemented additional safeguards to improve the security of its systems and has offered the affected individuals complimentary credit monitoring and identity theft protection services. The exposed information included names and Social Security numbers.

The incident is not showing on the HHS’ Office for Civil Rights breach portal at the time of writing. The data breach has been reported to the Maine attorney general as affecting 813 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist