HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Tennessee Orthopaedic Alliance Phishing Attack Impacts Over 81,000 Patients

Phishing attacks have recently been reported by Tennessee Orthopaedic Alliance, Jefferson Dental Care Healthcare Management, and Munson Healthcare.

81,146 Patients Affected by Tennessee Orthopaedic Alliance Phishing Attack

Tennessee Orthopaedic Alliance (TOA) has discovered unauthorized individuals have gained access to the email accounts of two employees. TOA became aware of the breach on October 18, 2019 when unusual activity was detected in an employee’s email account. The account was immediately secured, and third-party computer forensics experts were engaged to investigate the breach. The investigation revealed a second email account had also been compromised and the accounts were accessed by unauthorized individuals between August 16, 2019 and October 14, 2019.

TOA determined on January 3, 2019 that the compromised email accounts contained names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, diagnostic information, treatment information, and treatment costs.

Patients were notified about the breach on February 14, 2019. Individuals whose Social Security number was potentially compromised have been offered complimentary credit monitoring and identity theft protection services. While PHI in the accounts could have been accessed by the attackers, TOA found no evidence to indicate patient information has been misused.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The HHS’ Office for Civil Rights breach portal indicates 81,146 patients were affected by the breach.

Jefferson Dental Care Healthcare Management Notifies 45,748 Patients About PHI Exposure

Jefferson Dental Care Healthcare Management in Dallas, TX, has discovered an unauthorized individual accessed the email account of an employee between July 21, 2019 and Aug. 26, 2019.

Suspicious email account activity was detected on or around October 19, 2019 and the account was immediately secured. JDH Healthcare Management determined on December 10, 2019 that the account contained the PHI of 45,748 patients. While no evidence was found to indicate patient information was accessed by the attacker, it is possible that names, addresses, dates of birth, medical treatment information, medical histories, health insurance information, payment information, patient numbers, and medical record numbers may have been compromised. Complimentary credit monitoring and identity protection services have been offered to affected patients.

JDH Healthcare Management is reviewing its policies and procedures and additional safeguards will be implemented to improve email security.

Patients Notified of Munson Healthcare Phishing Attack

Munson Healthcare in Traverse City, MI, has discovered unauthorized individuals have gained access to the email accounts of some of its employees. Assisted by third-party computer forensic experts, Munson Healthcare determined that the email accounts were subjected to unauthorized access between July 31, 2019 and October 22, 2019.

A review of the affected email accounts was completed on January 16, 2020. The accounts were found to contain patient names, dates of birth, insurance information, and treatment and diagnostic information. The accounts also contained a limited number of financial account numbers, driver’s license numbers, and Social Security numbers.

Complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised. Munson Healthcare will be implementing additional technical safeguards to prevent similar breaches in the future.

The HHS’ Office for Civil Rights website indicates 75,202 patients have been affected by the breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.