Presbyterian Healthcare Services & ORM Fertility Patients Affected by Data Breaches
Oregon Reproductive Medicine, doing business as ORM Fertility, has announced a security breach that impacted certain computer systems and caused network disruption. The security breach was detected on or around August 27, 2024, and the forensic investigation confirmed unauthorized access to its network between August 26, 2024, and August 27, 2024.
ORM Fertility said there was no unauthorized access to its electronic medical records (EMR), email, or customer relationship management system (CRM), and financial and insurance information was not exposed. The review of the affected files is ongoing; however, it appears that only limited patient data was exposed, such as names and lab data. The exact data types will be confirmed when the file review is concluded.
The security incident prompted ORM Fertility to implement additional security measures and security will continue to be monitored and enhanced to prevent similar incidents from occurring in the future. In its October 25, 2024 website notification, ORM Fertility said it is unaware of any misuse of the affected data, but as a precaution, individuals should monitor their healthcare statements and report any charges or services that were not incurred to the appropriate provider or insurance carrier. Since the file review has not yet concluded, the incident has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 500 affected individuals.
Presbyterian Healthcare Services Affected by Data Breach at Law Firm
A cyberattack on the St. Louis, MO-based law firm Thompson Coburn in May 2024 has exposed the protected health information of patients of New Mexico’s Presbyterian Healthcare Services. Presbyterian Healthcare Services worked with the law firm on matters such as government billing and repayment, and those services required the disclosure of some patients’ protected health information. Thompson Coburn said unauthorized individuals had access to its network between May 28 and May 29, 2024, and either viewed or exfiltrated files containing the information of certain Presbyterian patients, including names, dates of birth, medical record numbers, patient account numbers, prescription and treatment information, medical provider information, health insurance information, and Social Security numbers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The types of information exposed vary from individual to individual and are specified for each patient in the notification letters being mailed by Thompson Coburn. The law firm has advised the affected individuals to be vigilant against identity theft and fraud by monitoring their accounts, credit reports, and explanation of benefits statements. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals and the law firm said it has enhanced security to prevent similar incidents in the future.
Thompson Coburn has recently reported the breach to the HHS’ Office for Civil Rights as affecting 305,088 individuals.
