Tennessee Orthopaedic Alliance Phishing Attack Impacts Over 81,000 Patients

Share this article on:

Phishing attacks have recently been reported by Tennessee Orthopaedic Alliance, Jefferson Dental Care Healthcare Management, and Munson Healthcare.

81,146 Patients Affected by Tennessee Orthopaedic Alliance Phishing Attack

Tennessee Orthopaedic Alliance (TOA) has discovered unauthorized individuals have gained access to the email accounts of two employees. TOA became aware of the breach on October 18, 2019 when unusual activity was detected in an employee’s email account. The account was immediately secured, and third-party computer forensics experts were engaged to investigate the breach. The investigation revealed a second email account had also been compromised and the accounts were accessed by unauthorized individuals between August 16, 2019 and October 14, 2019.

TOA determined on January 3, 2019 that the compromised email accounts contained names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, diagnostic information, treatment information, and treatment costs.

Patients were notified about the breach on February 14, 2019. Individuals whose Social Security number was potentially compromised have been offered complimentary credit monitoring and identity theft protection services. While PHI in the accounts could have been accessed by the attackers, TOA found no evidence to indicate patient information has been misused.

The HHS’ Office for Civil Rights breach portal indicates 81,146 patients were affected by the breach.

Jefferson Dental Care Healthcare Management Notifies 45,748 Patients About PHI Exposure

Jefferson Dental Care Healthcare Management in Dallas, TX, has discovered an unauthorized individual accessed the email account of an employee between July 21, 2019 and Aug. 26, 2019.

Suspicious email account activity was detected on or around October 19, 2019 and the account was immediately secured. JDH Healthcare Management determined on December 10, 2019 that the account contained the PHI of 45,748 patients. While no evidence was found to indicate patient information was accessed by the attacker, it is possible that names, addresses, dates of birth, medical treatment information, medical histories, health insurance information, payment information, patient numbers, and medical record numbers may have been compromised. Complimentary credit monitoring and identity protection services have been offered to affected patients.

JDH Healthcare Management is reviewing its policies and procedures and additional safeguards will be implemented to improve email security.

Patients Notified of Munson Healthcare Phishing Attack

Munson Healthcare in Traverse City, MI, has discovered unauthorized individuals have gained access to the email accounts of some of its employees. Assisted by third-party computer forensic experts, Munson Healthcare determined that the email accounts were subjected to unauthorized access between July 31, 2019 and October 22, 2019.

A review of the affected email accounts was completed on January 16, 2020. The accounts were found to contain patient names, dates of birth, insurance information, and treatment and diagnostic information. The accounts also contained a limited number of financial account numbers, driver’s license numbers, and Social Security numbers.

Complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised. Munson Healthcare will be implementing additional technical safeguards to prevent similar breaches in the future.

The HHS’ Office for Civil Rights website indicates 75,202 patients have been affected by the breach.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On