HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Salusive Health Closes Business Following Cyberattack

Salusive Health, the developer of the myNurse platform which helps physician practices streamline disease management, has experienced a cyberattack in which patient data was compromised.

In its breach notification letters to patients, Salusive Health explained that it identified unauthorized activity within its computer network on March 7, 2022, and immediately implemented containment, mitigation, and restoration efforts, and engaged third-party cybersecurity experts to assist with those processes. The investigation confirmed that unauthorized individuals accessed the personal and protected health information of patients, including name, gender, home address, phone number, email address, date of birth, medical history, diagnosis and treatment information, dates of service, lab test results, prescription information, provider name, medical account number, health insurance policy and group plan number, group plan provider, and claim information.

Salusive Health said it implemented additional security measures to prevent further breaches, has notified affected individuals and offered free identity theft protection services, and reported the cyberattack to the Federal Bureau of Investigation. The incident has not yet appeared on the HHS’ Office for Civil Rights’ breach portal, so it is unclear at this stage how many individuals have been affected.

Salusive Health also explained in the breach notification letters that the difficult decision has been taken to cease clinical operations by the end of business on May 31, 2022, which will allow patients to hand their chronic care management and remote monitoring services back to their primary care physicians. Salusive Health said the decision to cease operations is unrelated to the data security incident.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

New Creation Counseling Center Ransomware Attack Affects 24,000 Patients

New Creation Counseling Center (NCCC) in Tipp City, OH, has recently started notifying 24,029 patients that some of their protected health information has potentially been compromised in a recent cyberattack.

A breach of its IT systems was detected on February 13, 2022, when users were prevented from accessing files on the network. Steps were immediately taken to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the breach. NCCC confirmed ransomware had been used to encrypt files, and third-party cybersecurity consultants have been assisting with the response and recovery.

NCCC said care continued to be provided to patients throughout and the ransomware has been confirmed as having been eradicated from its systems. While the investigation uncovered no evidence of data theft, it was not possible to rule it out. A review of files on the affected systems confirmed they contained names, telephone numbers, addresses, email addresses, birthdates, Social Security numbers, health insurance information, intake forms, medical releases, and treatment records.

Notifications were sent to affected individuals starting on April 12, 2022, and one year of credit monitoring services has been offered to patients at no cost.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.