226,000 Individuals Affected by Regional Care, Inc. Cyberattack
Regional Care, Inc., a Scottsbluff, NE-based health insurance agency, has notified 225,728 individuals about a cybersecurity incident that involved some of their personal and protected health information. Suspicious activity was identified within its network on September 18, 2024. The investigation confirmed on or around November 8, 2024, that there had been unauthorized access to its network, and the threat actor viewed or acquired information such as names, birth dates, Social Security numbers, medical information, and health insurance information.
Notification letters were mailed to the affected individuals on December 16, 2024, and individuals whose Social Security numbers were involved were offered complimentary credit monitoring services. Regional Care said it had taken many precautions to safeguard personal information and continually evaluates and modifies its practices and internal controls to enhance data security.
Email Breach at Amergis Healthcare Staffing Affects 11,000 Individuals
Columbia, MD-based Amergis Healthcare Staffing, Inc., formerly Maxim Healthcare Staffing, has notified 11,329 individuals affected by a February 6, 2024, data breach. An unauthorized third party accessed several employee email accounts and may have viewed or obtained names, contact information, Social Security numbers, and other personal data. The individual notification letters state exactly what information was exposed for each individual and include an offer of complimentary credit monitoring services. Amergis Healthcare Staffing said it has engaged third-party cybersecurity experts to help enhance data security and harden its email defenses. At the time of issuing notifications, the staffing agency said it was unaware of any misuse of the exposed data.
Chicago Cardiology Institute Notifies Patients About Email Account Breach
Chicago Cardiology Institute in Schaumburg, IL has recently notified patients about an email-related data breach in July 2024. An unauthorized third party gained access to a single employee email account for a short period on July 16, 2024. While the window of opportunity was relatively short, it is possible that sensitive patient data in the account was viewed or copied. The review of emails and attachments was recently completed and confirmed that the breach was limited to names, dates of birth, physicians’ names, insurance provider names, and the reason for making appointments
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Chicago Cardiology Institute made immediate improvements to email security when the breach was detected and said it has strengthened system and security protocols, implemented threat monitoring systems, proactive vulnerability management programs, active system scanning, and policy additions. The breach has been reported to regulators; however, it is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
