PHI of Almost 75,000 Individuals Exposed in Email Incident at AmeriBen
IEC Group, Inc., doing business as AmeriBen, a medical benefits administration services provider, has recently reported an email-related data breach to the HHS’ Office for Civil Rights that affected up to 74,884 individuals. The incident was reported as an unauthorized access/disclosure incident. It is unclear from the breach notice whether the incident involved an unauthorized third party or an insider.
AmeriBen said it has no reason to believe that any of the exposed information will be misused but has advised the affected individuals to monitor their Explanation of Benefits statements as a precaution. The email account contained protected health information such as employees’ first and last names, claimants first and last names, case numbers, employer CERT codes, provider name, provider city, claim number, date(s) of service, internal INEL codes, and amounts billed and paid.
Sanford Health Affected by Cyberattack on Imaging Vendor
Sanford Health has recently alerted certain patients that some of their protected health information was exposed in a security incident at its imaging vendor, DMS Health Technologies. DMS Health Technologies identified suspicious activity in its computer systems on April 23, 2023. The forensic investigation confirmed that unauthorized individuals had access to its network between March 27 and April 24, 2023, and during that time, sensitive client data was exposed. Sanford Health said the exposed information was limited to names, birth dates, dates of service, physician names, and exam types. 21,211 Sanford Health patients have been affected.
Delta Dental of California Affected by Ransomware Attack on Law Firm
The protected health information of Delta Dental of California patients was exposed in a cyberattack on its legal counsel, Orrick, Herrington & Sutcliffe. An unauthorized third party accessed the law firm’s network between February 28 and March 13, 2023, where files were stored that contained personal and protected health information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The information potentially compromised includes names, addresses, dates of birth, dental insurance policies, healthcare provider information, and limited dental diagnoses and treatment-related information. Orrick, Herrington & Sutcliffe notified the affected individuals by mail and offered 2 years of complimentary credit monitoring services.
The incident is currently showing on the Office for Civil Rights website as affecting at least 500 individuals. A lawsuit has recently been filed over this data breach which claims the PHI of 152,818 individuals was compromised in the incident. The lawsuit claims it was a ransomware attack.
SightPath Medical Reports Hacking Incident Affecting Sutter North Surgery Center Patients
SightPath Medical, a Minneapolis, MN-based provider of specialized laser and cataract equipment, has confirmed that an unauthorized third party gained access to its internal IT systems and viewed certain files that contained the sensitive information of patients of Sutter North Surgery Center in Yuba City, CA.
The breach was detected on February 9, 2023, and the forensic investigation revealed its systems were first accessed on February 2, 2023. SightPath Medical reviewed all files potentially accessed and determined on June 14, 2023, that protected health information had been exposed. Up-to-date contact information then needed to be obtained to allow notification letters to be sent. SightPath Medical said it has implemented additional safeguards to improve the security of its systems and has offered the affected individuals complimentary credit monitoring and identity theft protection services. The exposed information included names and Social Security numbers.
The incident is not showing on the HHS’ Office for Civil Rights breach portal at the time of writing. The data breach has been reported to the Maine attorney general as affecting 813 individuals.