Posted By HIPAA Journal on Mar 6, 2023

Cedar Park, TX-based Dental Well being Administration Options (DHMS), a supplier of dental companies to the federal government/army and personal sufferers has just lately introduced – by way of its authorized counsel – that the protected well being info of sure sufferers was uncovered in a 2021 hacking incident. In a February 2023 notification to the Maine Lawyer Normal, DHMS stated it detected a community intrusion on or round August 20, 2021, with the forensic investigation confirming its community was compromised on July 17, 2021.

A complete overview was performed of all recordsdata that had been doubtlessly accessed or acquired within the assault and confirmed that 3,205 people have been affected. The sorts of info uncovered diverse from particular person to particular person and will have included names, addresses, medical info, medical health insurance info, Medicaid identification numbers, driver’s licenses, account and routing numbers, and Social Safety numbers.

DHMS stated it has modified passwords and carried out multifactor authentication and provided affected people complimentary credit score monitoring and id safety companies. The notification letter lacks an evidence of why it took 18 months from the date of discovery of the breach for notification letters to be despatched when the HIPAA breach notification rule requires notifications to be issued inside 60 days or when the breach occurred.

Aloha Nursing Rehab Centre Breach Impacts 20,000 Sufferers

Aloha Nursing Rehab Centre in Kaneohe, Hawaii, has just lately reported an information breach to the HHS’ Workplace for Civil Rights that has affected 20,216 sufferers. Based on the notification despatched to the Maine Lawyer Normal, its IT techniques had been accessed by an unauthorized particular person on or round July 8, 2022. That particular person accessed a restricted variety of digital information in its techniques.

Aloha Nursing Rehab Centre stated the investigation and doc overview revealed on or round December 28, 2022, that the recordsdata accessed within the assault included affected person info. The sorts of info concerned included names, dates of start, Social Safety numbers, monetary account info, driver’s license numbers, and state identification numbers. Affected people had been notified by mail in February 2023 and had been provided complimentary credit score monitoring and id theft safety companies and will likely be protected by a $1,000,000 id theft insurance coverage coverage.

The Chautauqua Middle Identifies Restricted Publicity of Affected person Data

The Chautauqua Middle (TCC) in Jamestown New York has just lately introduced that the protected well being info of 747 people has been uncovered in an information breach involving its enterprise affiliate, WebPT, which gives digital medical file companies for Chautauqua Bodily and Occupational Remedy.

The incident uncovered the data of Chautauqua Bodily and Occupational Remedy sufferers to different healthcare services throughout an improve to the EMR system on December 22, 2022. The referral report that was accessible to different healthcare clinics included names, case title/creation date, final seen/referral dates, insurance coverage supplier, remedy clinic, referring doctor/doctor group title, secondary insurance coverage info, and complete go to depend for every case. WebPT has confirmed that medical notes from the preliminary analysis weren’t accessible.

As a result of restricted nature of the info concerned, and the truth that the data was solely uncovered to HIPAA-covered entities, the dangers to sufferers are believed to be minimal; nevertheless, all people had been notified in regards to the publicity in January. Entry to the report was disabled inside 19 hours of discovery of the publicity, an evaluation was carried out to determine the reason for the breach, the workers was retrained, and statements had been obtained from all affected clinics confirming that there had been no use or additional disclosure of the report.