Salusive Health, the programmer of the myNurse platform, which aids physician practices to facilitate disease management, has suffered a cyberattack that resulted in the compromise of patient data.
In the Salusive Health’s breach notification letters sent to patients, it mentioned that it found unauthorized activity in its computer system on March 7, 2022, and quickly carried out containment, mitigation, and restoration work, and involved third-party cybersecurity professionals to help with those steps. The investigation proved that unauthorized people accessed the personal data and protected health information (PHI) of patients, such as name, phone number, sexuality, home address, email address, date of birth, health history, diagnosis and treatment data, dates of service, lab test results, prescription details, medical account number, provider name, group plan provider, medical insurance policy and group plan number, and claim data.
Salusive Health stated it used supplemental security actions to avoid other breaches, has advised affected persons and given no-cost identity theft protection services, and submitted a report about the cyberattack to the Federal Bureau of Investigation. There is no record of the breach posted on the HHS’ Office for Civil Rights’ breach website yet, thus it is not known how many people were impacted.
Salusive Health furthermore mentioned in the breach notification letters that the challenging decision was undertaken to stop clinical operations on May 31, 2022, which will let patients give their chronic care management and remote checking services back to their primary care physicians. Salusive Health mentioned the choice to end operations is unconnected to the information security incident.
24,000 Patients Affected by New Creation Counseling Center Cyber Attack
New Creation Counseling Center (NCCC) based in Tipp City, OH, has just commenced advising 24,029 patients that their protected health information was probably compromised in a cyberattack.
NCCC discovered a breach of its IT programs on February 13, 2022 because its users could not access files on the network. The center promptly had taken steps to avert further unauthorized access, and launched an investigation to know the nature and extent of the breach. NCCC confirmed the usage of ransomware to encrypt files and assisted third-party cybersecurity experts with the response and recovery.
NCCC stated that it went on to give medical care to patients all throughout and that the ransomware has been eradicated from its systems. Though the investigation did not find any evidence of data theft, it was not possible to rule it out. An evaluation of files on the affected systems established they comprised names, phone numbers, addresses, email addresses, birthdates, Social Security numbers, health insurance details, intake forms, healthcare releases, and treatment information.
Notifications had been delivered to impacted persons beginning on April 12, 2022, and one year of credit monitoring services was offered to patients for free.