Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

Share this article on:

Resources for Human Development Reports Breach Affecting 46,673 Individuals

The Philadelphia, PA-based national human services nonprofit organization, Resources for Human Development (RHD), has recently confirmed that a hard drive containing the protected health information of 46,673 individuals has been stolen. The theft occurred on or around January 27, 2022, and was discovered by RHD on February 16, 2022.

The hard drive was used for its Point-to-Point program in Exton, PA, and contained information such as names, Social Security Numbers, drivers’ license numbers, financial account information, payment card information, dates of birth, prescription information, diagnosis information, treatment information, treatment providers, health insurance information, medical information, Medicare/Medicaid ID numbers, employer identification numbers, electronic signatures, usernames and passwords of clients and staff members.

RHD said it engaged outside forensics specialists to investigate the extent of the breach and ensure the security of its offices and computer servers. Training has also been provided to employees on best practices for protecting confidential information.

LockBit Ransomware Gang Claims Data Stolen from Tague Family Practice

The LockBit ransomware gang claims to have gained access to the systems of Tague Family Practice in St. Louis, MO, and exfiltrated sensitive data, some of which contained patients’ personal and protected health information.

A sample of the stolen data has been uploaded onto the gang’s data leak site. According to Databreaches.net, which was able to access a sample of the data, the data included claims and billing-related information. The data was uploaded to the leak site on March 17, 2022.

At this stage, Tague Family Practice has not confirmed a data breach has occurred and the incident has not appeared on the HHS’ Office for Civil Rights breach portal.

Email Breach Confirmed by Wellstar Health

Atlanta, GA-based Wellstar Health has recently confirmed that employee email accounts were accessed by unauthorized individuals who may have accessed or obtained patient information. Wellstar Health learned about the security breach on February 7, 2022, with the forensic investigation confirming that the breach was limited to two email accounts. No other systems were compromised.

The email accounts were discovered to have been compromised between December 6, 2021, and January 3, 2022. Upon discovery of the breach, the email accounts were immediately disabled and secured. A review of the accounts confirmed they contained protected health information such as employee names, medical record numbers, Internal account numbers, and laboratory information. No evidence was found to indicate any patient information was misused.

The breach has recently been reported to the HHS’ Office for Rights as affecting 30,417 individuals.

Central Vermont Eye Care Reports Hacking Incident Affecting 30,000 Patients

A hacking incident has recently been reported by the Rutland, VT-based ophthalmology practice, Central Vermont Eye Care. The exact nature of the hacking incident is unclear at this stage; however, it has been confirmed that unauthorized individuals potentially gained access to the protected health information of up to 30,000 patients. Notification letters were sent to those individuals on April 6, 2022.

This post will be updated when further information becomes available.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On