HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Resources for Human Development, WellStar Health & Central Vermont Eye Care Announce Data Breaches

Resources for Human Development Reports Breach Affecting 46,673 Individuals

The Philadelphia, PA-based national human services nonprofit organization, Resources for Human Development (RHD), has recently confirmed that a hard drive containing the protected health information of 46,673 individuals has been stolen. The theft occurred on or around January 27, 2022, and was discovered by RHD on February 16, 2022.

The hard drive was used for its Point-to-Point program in Exton, PA, and contained information such as names, Social Security Numbers, drivers’ license numbers, financial account information, payment card information, dates of birth, prescription information, diagnosis information, treatment information, treatment providers, health insurance information, medical information, Medicare/Medicaid ID numbers, employer identification numbers, electronic signatures, usernames and passwords of clients and staff members.

RHD said it engaged outside forensics specialists to investigate the extent of the breach and ensure the security of its offices and computer servers. Training has also been provided to employees on best practices for protecting confidential information.

LockBit Ransomware Gang Claims Data Stolen from Tague Family Practice

The LockBit ransomware gang claims to have gained access to the systems of Tague Family Practice in St. Louis, MO, and exfiltrated sensitive data, some of which contained patients’ personal and protected health information.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

A sample of the stolen data has been uploaded onto the gang’s data leak site. According to Databreaches.net, which was able to access a sample of the data, the data included claims and billing-related information. The data was uploaded to the leak site on March 17, 2022.

At this stage, Tague Family Practice has not confirmed a data breach has occurred and the incident has not appeared on the HHS’ Office for Civil Rights breach portal.

Email Breach Confirmed by Wellstar Health

Atlanta, GA-based Wellstar Health has recently confirmed that employee email accounts were accessed by unauthorized individuals who may have accessed or obtained patient information. Wellstar Health learned about the security breach on February 7, 2022, with the forensic investigation confirming that the breach was limited to two email accounts. No other systems were compromised.

The email accounts were discovered to have been compromised between December 6, 2021, and January 3, 2022. Upon discovery of the breach, the email accounts were immediately disabled and secured. A review of the accounts confirmed they contained protected health information such as employee names, medical record numbers, Internal account numbers, and laboratory information. No evidence was found to indicate any patient information was misused.

The breach has recently been reported to the HHS’ Office for Rights as affecting 30,417 individuals.

Central Vermont Eye Care Reports Hacking Incident Affecting 30,000 Patients

A hacking incident has recently been reported by the Rutland, VT-based ophthalmology practice, Central Vermont Eye Care. The exact nature of the hacking incident is unclear at this stage; however, it has been confirmed that unauthorized individuals potentially gained access to the protected health information of up to 30,000 patients. Notification letters were sent to those individuals on April 6, 2022.

This post will be updated when further information becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.