Shore Specialty Consultants Pulmonology Group Breach Impacts 9,700 Patients

New Jersey-based Shore Specialty Consultants Pulmonology Group (SSCPG) is notifying 9,700 patients that some of their protected health information (PHI) has potentially been subjected to unauthorized access as a result of a recent security breach.

On July 8, 2019, SSCPG discovered a hacker gained access to a network server containing patient information. The breach was detected within a day and the server was secured. A forensic investigation of the breach did not uncover any evidence to suggest patient information was accessed or stolen, but the possibility could not be ruled out.

The compromised server contained the PHI of patients who had previously participated in sleep studies at SSCPG. Highly sensitive information such as Social Security numbers, health insurance information and financial information were not exposed. The breach was limited to patients’ names, dates of birth, details of the care received at SSCPG, and some information relating to the sleep study.

The breach prompted SSCPG to conduct a review of its policies and procedures and additional security measures are being implemented. Employees have also been provided with further training.

Little Rock Plastic Surgery Notifies Patients of Internal HIPAA Breach

Little Rock Plastic Surgery (LRPS) in Arkansas has discovered a former nurse downloaded and stole the PHI of several patients.

LRPS discovered the HIPAA breach on July 15, 2019. The investigation revealed the former employee accessed the clinic’s vendor accounts without authorization in order to obtain patient information related to treatments and appointment dates. Reports, photos, and other files containing PHI were downloaded and removed from LRPS by the nurse.

LRPS has taken steps to ensure the stolen information is returned or permanently destroyed. The incident has also been reported to the Department of Health and Human Services’ Office for Civil Rights, the Arkansas Attorney General’s office, and the Arkansas Board of Nursing. Affected patients have been notified by mail.

Fedcap Breach Impacts 2,158 Patients

Fedcap Rehabilitation, a New York-based provider of vocational training and employment resources, is alerting 2,158 current and former clients about a recent security breach.

Fedcap officials launched an investigation following the discovery of a fraudulent wire transfer. On May 28, 2019, Fedcap officials confirmed that an unauthorized individual gained access to the email accounts of seven employees.

The breach investigation revealed the accounts were compromised between September 20, 2018 and January 27, 2019. While the aim of the attack was to steal money from Fedcap, it is possible that the attacker gained access to sensitive client information in the compromised email accounts.

An analysis of the compromised accounts has now been completed. Affected patients were notified on August 29, 2019 that the following types of information were potentially accessed/stolen: Names, birth dates, Social Security numbers, passport numbers, driver’s license numbers, account/routing numbers, payment card information, diagnoses, medications, treatment information, medical histories, healthcare provider names, service dates, health insurance information, and group numbers.

To date, Fedcap has not received any reports to suggest any client information has been misused. The breach prompted Fedcap to implement multi-factor authentication on all email accounts and additional procedures have been implemented to strengthen its security processes.

Affected clients have been advised to review their financial accounts, insurance, and explanation of benefits statements for fraudulent activity.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.