Cross Timbers Health Clinics based in Brownwood, Texas, operating under the brand AccelHealth, experienced a ransomware attack on December 15, 2021. As a result, the Federally Qualified Health Center could not gain access to selected files and folders on its network. AccelHealth hired third-party forensics professionals to investigate the security breach who confirmed that unauthorized people first acquired access to its system on December 9, 2021.
Throughout the 6 days when the attackers had access to the network, they may have viewed or gotten files that contain patient data. A detailed evaluation of all files on the exposed parts of the system revealed they comprised the protected health information (PHI) of 48,126 patients, such as names, addresses, dates of birth, driver’s license numbers, financial account details, Social Security numbers, health insurance details, treatment, and diagnosis data and medical record numbers.
There was no evidence found of data exfiltration and, while issuing notification letters, no report was obtained that suggests actual or attempted misuse of patient data. AccellHealth stated additional technical security steps are being enforced to avoid further cyber attacks and affected persons were given no-cost credit monitoring services.
Pace Center for Girls Became Aware of 11-Month System Breach
Pace Center for Girls based in Jacksonville, FL provides a 6-12 education program for at-risk teenage girls. It has been found that unauthorized individuals accessed certain infrastructure systems and might have viewed or got the sensitive information of current and former students.
The security breach was discovered in the week of December 13, 2021, and the following investigation affirmed last January 2021 that unauthorized persons got access to segments of its IT infrastructure that held sensitive records. The breached information included students’ full names, phone numbers, addresses, birth dates, Florida Department of Juvenile Justice identification numbers, enrollment information, parent/guardian names, and behavioral health details.
Pace Center for Girls stated a third-party cybersecurity agency was employed to help secure its network and physical computer access and evaluate its data security and gateway security systems. Extra security procedures will be carried out, as necessary, to better safeguard against unauthorized access. Affected people were told to place fraud warnings with Equifax, Experian, and TransUnion to detect any fake use of their personal data. The breach report was submitted to the HHS’ Office for Civil Rights indicating that up to 18,300 individuals were impacted.