Rocky Mountain Gastroenterology Associates Data Breach Affects 366K Patients
Rocky Mountain Gastroenterology Associates has experienced a cyberattack that involved unauthorized access to the protected health information of more than 366,000 patients. Email incidents have been announced by Radiologic Medical Services and the law firm Ott Cone & Redpath.
Rocky Mountain Gastroenterology Associates
In November, Littleton, CO-based Rocky Mountain Gastroenterology Associates started notifying 366,491 patients about a hacking incident that was identified on September 13, 2024. Suspicious activity was identified within its network, and the investigation confirmed that a threat actor had accessed and potentially copied files containing patient data.
The affected files were reviewed and found to contain patient data such as names, addresses, dates of birth, patient account numbers, medical record numbers, Social Security numbers, health insurance identification numbers, and health information such as diagnoses and treatment information. The types of information involved varied from individual to individual. Rocky Mountain Gastroenterology Associates has implemented additional safeguards to prevent similar breaches in the future and started mailing individual notification letters on November 13, 2024.
Radiologic Medical Services
Radiologic Medical Services in Coralville, IA, has recently notified 56,902 individuals that some of their protected health information was compromised in an email incident earlier this year. Suspicious activity was identified in an employee’s email account on February 26, 2024. Prompt action was taken to prevent further unauthorized access and a third-party cybersecurity firm was engaged to investigate the breach. The investigation revealed a second email account had also been compromised, and had been accessed by an unauthorized third party between February 22, 2024, and March 19, 2024.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The accounts were reviewed to determine the types of information exposed and that process was completed on September 13, 2024. After the results were validated and contact information obtained, notification letters were mailed in November. The substitute breach notice does not state the types of information compromised in the incident, only that the affected individuals have been offered a 12-month membership to credit monitoring and identity theft protection services with Cyberscout.
Ott Cone & Redpath
Ott Cone & Redpath, A Greensboro, NC-based law firm that provides legal services to healthcare organizations, has experienced a cyberattack that saw a cybercriminal gain access to a company email account. The substitute breach notice does not state when the account was compromised or when the breach was detected, only that the affected individuals were identified on October 31, 2024.
The personally identifiable and protected health information of 22,171 individuals was compromised in the incident, including names, dates of birth, Social Security numbers, medical treatment information, health insurance information, and, for a limited number of individuals, financial account information. Individual notification letters have been mailed and credit monitoring and identity theft protection services are being offered free of charge for 12 months. The law firm said a series of additional cybersecurity measures have been implemented and further measures will soon be rolled out.
