Data Breaches at NCH Corporation, TGH Urgent Care and Southwest Nebraska Public Health Department

by | Aug 11, 2021 | Compliance News

NCH Corporation in Irving, TX, an international maintenance products marketer, sent a report involving a supposed ransomware attack. The organization observed suspicious network activity on March 5, 2021 when certain systems became inaccessible.

NCH had done what is required to block unauthorized access and get back the control of its systems. According to the investigation report, the attackers held access to some network areas from March 2 to March 5, 2021. In that time period, selected records on its file servers were accessed by an unauthorized person. NCH cannot determine which records were accessed, consequently all individuals who had their information potentially compromised received breach notifications. The audit of the files was done on June 29, 2021. The information found in the files were the names of some current and past employees along with their dependents, Social Security numbers and driver’s license numbers.

On July 29, 2021, the provider sent notification letters to the affected people and provided credit monitoring and identity theft protection services at no cost.

The data breach report submitted to the HHS’ Office for Civil Rights indicated that the attack affected about 11,427 individuals.

Insider Incident Impacts Patients of TGH Urgent Care Run by Fast Track

Synergic Healthcare Solutions has informed 558 people concerning the likely theft of their protected health information (PHI) by an ex-worker of Tampa General Urgent Care.

The breach took place on September 9, 2020 when a former Tampa General Urgent Care employee allegedly took pictures of patient data at the TGH Urgent Care’s facility located in Seminole, FL. The breach was discovered on November 6, 2020.

The ex-worker was accused of taking pictures of patients’ credit card information and driver’s licenses. Although the ex-worker is just believed to have taken pictures of the data of 3 individuals, it was decided that all 558 patients whose records were accessed by the worker will be notified.

All people possibly impacted were provided free credit monitoring services. Since the incident, TGH has re-trained employees with regards to privacy and security as well as the reporting of probable privacy violations.

Southwest Nebraska Public Health Department Reports Exposure of COVID-19 Vaccination Data

Southwest Nebraska Public Health Department (SNPHD) has informed 13,500 people regarding the exposure of COVID-19 vaccine data on the internet.

On May 18, 2021, SNPHD became aware that information was exposed on the website of SNPHD. The data available on the site included names, date of birth, addresses, county, vaccination date, vaccination type, gender, and race.

SNPHD got in touch with its web host provider which affirmed that just one person acquired access to the data. SNPHD stated that the person has worked with SNPHD and is convinced there is no need to be concerned with regards to the access of files; nevertheless, people impacted were informed as a safety precaution.

Because of the incident, SNPHD had to provide its employees with more training with regards to HIPAA, privacy, and confidentiality to make sure that an incident such as this doesn’t happen again.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy