9 Prime Healthcare Hospitals Affected by MOVEit Data Breach
Ontario, CA-based Prime Healthcare has been affected by a data breach at its revenue cycle management vendor, CBIZ KA. The vendor used Progress Software’s MOVEit Transfer solution, a zero-day vulnerability in which was exploited by the Clop hacking group in late May 2023. Prime Healthcare received a copy of the stolen files from CBIZ KA on September 20, 2023, and has confirmed that they contained names in combination with one or more of the following: date of birth, address, medical record number, Social Security Number, admission date, and discharge date.
Prime Healthcare operates 45 hospitals, although only 9 were affected: Saint Clare’s Hospital, Saint Michael’s Medical Center, and St. Mary’s General Hospital in New Jersey, Roxborough Memorial Hospital, Lower Bucks Hospital, and Suburban Community Hospital in Pennsylvania, Garden City Hospital and Lake Huron Medical Center in Michigan, and Landmark Medical Center in Rhode Island. Individuals whose Social Security numbers were involved have been offered complimentary credit monitoring and identity protection services.
PHI Compromised in Cyberattack on Sierra County, CA
Sierra County in California experienced a “sophisticated cyberattack” on or around February 21, 2023. Sierra County detected the breach on March 5, 2023, secured its systems to prevent further unauthorized access, and engaged third-party cybersecurity experts to investigate the breach. The investigation revealed the attackers had access to parts of the network that contained information such as names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, driver’s license or government ID numbers, medical/prescription or health insurance related information, drug or alcohol screening results, credit or debit card numbers, biometric data, or financial account/routing numbers. No evidence has been found that indicates actual or attempted misuse of the impacted data. The Department of Public Health and Department of Behavioral Health confirmed that the protected health information of 2,463 individuals was exposed and potentially stolen in the attack.
Email Account Breach Reported by Advarra, Inc.
Advarra, Inc., a Columbia, MD-based provider of integrated research compliance solutions, has discovered unauthorized access to an employee email account. The email account breach was detected on October 26, 2023, and the account was immediately disabled. The forensic investigation confirmed that the breach was limited to a single account, with the unauthorized access commencing on October 25, 2023. The attacker copied information from the account that included names and Social Security numbers. The breach was recently reported to the Maine Attorney General as affecting 1,782 individuals. No evidence of misuse of the stolen data has been identified; however, as a precaution, affected individuals have been offered complimentary credit monitoring services for 24 months and those individuals are being encouraged to take advantage of those services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy