25% off all training courses Offer ends June 26, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends June 26, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

PHI of Employees Compromised in Cyberattack on Waste Management Firm

Posted By on Aug 16, 2021

USA Waste-Management Resources, LLC has started notifying certain employees, former employees, and dependents covered by its self-administered health plan that some of their personal and protected health information (PHI) was compromised in a January 2021 cyberattack.

Waste-Management Resources said suspicious activity was detected in its IT systems on January 21, 2021. An investigation was launched and, assisted by third party computer forensics specialists, Waste-Management Resources confirmed that an unauthorized individual had accessed its systems between January 21 and January 23, 2021 and that certain files were accessed and stolen in the attack.

An extensive review was conducted to determine if any files stored on the compromised parts of its network contained any sensitive information. That process was completed on June 21, 2021.

The review confirmed the following types of information had been exposed and have potentially been compromised: Names, Social Security numbers, taxpayer identification numbers, government ID numbers, state ID numbers, driver’s license numbers, dates of birth, financial/bank account numbers, debit/credit card numbers, medical history/treatment information, health insurance information, passport numbers, and username/email address and passwords for financial electronic accounts. Waste-Management Resources said it was not possible to tell which files were actually exfiltrated in the attack.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Notification letters started to be sent to affected individuals on August 11, 2021. Waste-Management Resources said, “While the investigation remains ongoing, we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security.”

Affected individuals have been advised to monitor their financial accounts for any sign of misuse of their personal data, and to obtain a free credit report from one of the three major credit monitoring bureaus and to consider placing a free fraud alert or a credit freeze on their files.  It does not appear that credit monitoring and identity theft protection services are being offered, despite the extensive and highly sensitive nature of data potentially compromised in the attack.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist