HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Up to 2,592,494 individuals Affected by Smile Brands Ransomware Attack

Irvine, CA-based Smile Brands, a provider of support services for dental offices, has recently provided an update on the number of individuals affected by a ransomware attack that was discovered on April 24, 2021. The attackers gained access to parts of its system on April 23, 2021, that housed files that contained individuals protected health information, including names, addresses, telephone numbers, dates of birth, Social Security numbers, financial information, government-issued ID numbers, and health information.

The breach was initially reported to the HHS’ Office for Civil Rights in June 2021 as affecting 1,200 individuals, but the breach report was later amended to indicate up to 199,683 individuals had been affected. However, in the latest update to the Maine attorney general, the breach has been reported as affecting up to 2,592,494 individuals. The initial notice to the Maine attorney general was submitted on October 8, 2021.

Smile Brands said affected individuals have been offered a complimentary 12-month membership to a credit monitoring service, which includes identity theft assistance services and a $1 million identity theft insurance policy.

Malware Potentially Allowed Hackers to Access ArCare Patient Data

Arcare, a provider of primary care and behavioral health services in Arkansas, Mississippi, and Kentucky has confirmed that patient data was potentially accessed by unauthorized individuals in a cyberattack that was discovered on February 24, 2022. Malware was identified on its network which caused a temporary disruption to its services. Prompt action was taken to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the incident.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The investigation confirmed on March 14, 2022, that the attackers may have accessed sensitive data between January 18, 2022, and February 24, 2022. A review of the affected files was completed on April 4, 2022, and confirmed they contained names, Social Security numbers, driver’s license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information.

While data has been exposed, no evidence has been found of any actual or attempted misuse of patient data. ARcare said it has updated its policies and procedures relating to data protection and security and sent notification letters to affected individuals on April 25, 0222.

The HHS’ Office for Civil Rights breach portal indicates 345,353 individuals have been affected.

Unencrypted Laptops Stolen from Home of Employee of Onehome Health Solutions

Two unencrypted laptop computers have been stolen from the home of an employee of the Miramar, FL-based home-based healthcare provider, Onehome Health Solutions.

The theft was discovered on March 3, 2021, and the incident was reported to law enforcement. A forensic analysis determined the laptop computers contained the protected health information of up to 15,401 patients, including names, addresses, phone numbers, medical information, health insurance information, and the last four digits of Social Security numbers.

Onehome said all affected individuals have been notified about the exposure of their information and complimentary identity theft protection services have been offered to individuals whose partial Social Security numbers were exposed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.