The Michigan law firm, Warner Norcross and Judd LLP, has distributed breach notification letters to 255,160 people telling them about a security breach in October 2021 resulting in the potential access and exfiltration of files containing their personal data and protected health information (PHI). The breach was discovered on October 22, 2021. In the substitute breach notification, there was no mention of when, and for how long, unauthorized persons got access to its systems.
A digital forensics company helped to investigate the nature and magnitude of the data breach and conducted a programmatic and manual evaluation of the files on the affected areas of its network. The assessment showed that the files held information like names, dates of birth, government-issued IDs, driver’s license numbers, Social Security numbers, annual compensation amounts, benefit contribution details, credit or debit card numbers, debit card or credit card PINs, financial account or routing numbers, patient account numbers, passport numbers, health data, and life insurance policy data.
The Michigan Law company sent notification letters to impacted people in August and provided details on tips that persons can do to decrease the risk of identity theft and fraud, however it would seem that credit monitoring and identity theft protection services are not available. The law company stated it is going to take steps to enhance security to stop other security breaches.
Medical Imaging Firms Announces PHI Breach
Gateway Diagnostic Imaging, a company operating 12 medical imaging centers in North Texas, and Radiology Ltd, a medical imaging organization based in Tucson, AZ, have recently began alerting a number of patients regarding a breach of systems that held patient records. The data breach was noticed on December 24, 2021, and the following forensic investigation confirmed that unauthorized people acquired access to its systems between December 17 and December 24, 2021.
The data on the compromised systems comprised data like names, Social Security numbers, birth dates, addresses, medical insurance details, patient account numbers, medical record numbers, physician names, dates of service, and details associated with the radiology services received.
As a safety measure against identity theft and fraud, the firm offered to the affected persons a complimentary 12-month membership to the credit monitoring and identity theft protection service of Equifax Credit Watch Gold. Additional safeguards are also being enforced to avoid more security breaches, and improvements were made to its monitoring features.
The breach is not posted yet on the HHS’ Office for Civil Rights Breach portal so it is currently not clear how many people were impacted.