Risk and Compliance Firm Reports Breach of 47,035 Records

The risk and compliance firm LogicGate has identified a security incident in which the protected health information of 47,035 individuals has potentially been compromised.

LogicGate explained in breach notification letters that an unauthorized individual gained access to credentials for its Amazon Web Services cloud storage servers which are used to store backup files of customers that use its Risk Cloud platform.

The Risk Cloud Platform is used by companies to identify and manage compliance risks and meet data protection and security standards. All backup files stored in AWS S3 buckets are encrypted, but the attacker was able to use the credentials to decrypt data. The backup files contained customer data that had been uploaded to their Risk Cloud environment prior to February 23, 2021. LogicGate said it did not identify any decrypt events associated with customers’ stored attachments.

It is currently unclear whether any customer data was exfiltrated by the attacker and no details have been released about how the credentials were obtained.

Hoboken Radiology Alerts Patients to Potential Breach of Medical Images and PHI

Hoboken Radiology in New Jersey has started notifying patients about a security breach that occurred between June 2, 2019 and December 1, 2020. In a recent press release, Hoboken Radiology said it received a notification on November 3, 2020 about suspicious activity on its medical imaging server.

Third-party cybersecurity specialists were engaged to investigate the incident and determine if any patient data had been accessed by unauthorized individuals. The investigation is still ongoing, but it was confirmed that there were suspicious connections from an external source between the above dates. The affected server contained patient data which could have potentially been viewed or obtained by unauthorized individuals.

A review of files on the server found they contained a range of patient data including names, genders, dates of birth, treatment dates, referring physician names, patient ID numbers, accession numbers, medical images, and a description of those images. Social Security numbers, payment card details, financial information, and medical insurance information were not compromised.

While unauthorized access to the server was confirmed, no evidence was found to indicate any actual or attempted misuse of patient data. Policies, procedures, and processes related to storage of and access to personal information are being reviewed and will be updated to better protect patient data in the future.

The HHS’ Office for Civil rights website indicates 80,000 individuals have been affected.

Glacier Medical Associates Alerting Patients About April 2021 Data Breach

Glacier Medical Associates in Whitefish, MT has announced it suffered a security breach on April 7 in which patient data was potentially accessed. Third-party digital forensics experts were engaged to investigate the breach and determine the nature and scope of the incident. The investigation concluded on May 10. No evidence of data theft was found and there have been no reported cases of misuse of patient data. No information has been released about the nature of the breach.

Practice Administrator Kelli Meuchel was advised by the practice’s legal counsel not to disclose the number of individuals affected and the incident has yet to appear on the HHS’ Office for Civil Rights breach portal. Meuchel said all affected individuals will be notified by mail and will be advised about the types of information that were compromised.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 3,007 individuals.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.