A summary of data breaches that were just reported to the HHS’ Office for Civil Rights and state attorneys general.
Blue Shield of California
Blue Shield of California has commenced informing selected health plan members concerning a privacy violation by one of its staff members. The employee emailed a spreadsheet comprising plan members’ names, phone numbers, Social Security numbers, addresses, email addresses, and/or Taxpayer ID numbers from his/her work account to a personal email address on June 17, 2022. Privacy Officer David Keystone of Blue Shield of California stated it discovered the privacy breach on October 30, 2022, and the staff member was assessed and advised to remove the email and any spreadsheet copy.
Because of the incident, Blue Shield of California strengthened its system detection tools to stop other impermissible disclosures of PHI. As a safety measure against identity theft, affected people were provided free one-year access to a credit monitoring and identity theft protection service.
The number of persons impacted is not yet certain.
Pediatrics West & Allergy West
Pediatrics West & Allergy West located in Massachusetts have advised 1,364 patients about the unauthorized access to their PHI that was saved on its system. The provider discovered the breach on October 17, 2022 and the forensic investigation affirmed that unauthorized access took place between August 19, 2021, and August 15, 2022. The data records on the system involved names, contact data, dates of birth, demographic data, diagnosis and treatment information, prescription details, medical record numbers, dates of service, provider names,
and/or health insurance details. Pediatrics West mentioned it has enforced extra safety measures and technical security steps to further safeguard and keep an eye on its IT infrastructure.
Medstar Mobile Healthcare
The emergency and nonemergency ambulance service of Medstar Mobile Healthcare operating in Tarrant County, TX lately publicized that it encountered a cyberattack resulting in the potential compromise of patient information. Suspicious network activity was seen on October 20, 2022, and it was eventually established that an unauthorized third party had obtained access to sections of the network that saved patient data. It cannot be determined if the files were accessed or exfiltrated. The analysis of the files indicated they largely included non-financial billing data only; nonetheless, several persons additionally had their complete name, date of birth, contact details, and limited medical details revealed. The incident investigation is continuing.
The number of affected individuals stays uncertain.
Mailing Error at The Louis A. Johnson VA Medical Center
The Louis A. Johnson Veterans’ Administration Medical Center based in West Virginia has just reported a privacy breach regarding the PHI of 736 people. There was a mistake in a mailing to veterans making the full Social Security numbers visible on the letters. Affected veterans were informed via mail and were given complimentary access to credit monitoring services. The VA has furthermore made a work group to take a look at the mailing processes to check likely vulnerabilities, and more managers will be employed to steer clear of identical difficulties down the road.