Data Breaches Reported by Continuum Health Alliance, Guardant Health, and Bluebonnet Trails Community Services

by | May 9, 2024 | HIPAA News and Advice

377,000 Consensus Medical Group Patients Impacted by Continuum Health Alliance Data Breach

Continuum Health Alliance based in Marlton, NJ recently reported that it has encountered a security incident that compromised the data of 377,119 patients of its client, Consensus Medical Group. Consensus Medical Group is a physician-owned medical group based in Evesham, NJ. Continuum detected unauthorized activity within its network on October 19, 2023. After doing what is necessary to safeguard its systems, third-party cybersecurity professionals were hired to find out the suspicious activity. Based on the forensic investigation, an unauthorized third party had obtained access to some of its systems from October 18 to October 19, and stole some files.

On February 16, 2024, Continuum stated on its website that it was looking into the incident while the investigation was ongoing. The file analysis was finished on March 8, 2024, and it was confirmed that the breached information involved patient names and Social Security numbers. Continuum then verified the information and got up-to-date address details. Breach notification letters were mailed on April 29, 2024.

Continuum has applied extra safeguards to stop further security incidents and has offered extra HIPAA training to its employees. The affected people were provided complimentary credit monitoring and identity theft protection services for 12 months.

Guardant Health Patient Information Exposed Online

Guardant Health, a medical lab located in Redwood City, CA that provides cancer screening testing on samples from doctors and hospitals, has informed patients of some of its customers about the exposure of their protected health information (PHI) on the internet. Guardant Health didn’t say in its notification letters when it identified the data breach. It only mentioned that a worker accidentally uploaded a file that contains patient information to a platform on the internet in October 2020. Guardant Health promptly deleted the file when the mistake was uncovered, and on March 4, 2024, it was affirmed that unidentified third parties copied the file from September 8, 2023 to February 28, 2024.

The PHI in the file differed from one patient to another and contained some or all these data elements: name, age, ID number, medical record number, and medical data like treatment data, dates of treatment, and test data. The files did not include financial data or Social Security numbers. Guardant Health stated it has improved its technical settings and has offered more staff training to stop identical incidents down the road. The breach report was submitted to government bodies but is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently uncertain how many people were impacted.

Bluebonnet Trails Community Services Email Account Breach

Bluebonnet Trails Community Services, a company offering mental health and developmental disabilities services around central Texas, has encountered an email account breach. It detected unauthorized activity in its email account on or about October 4, 2023. Passwords reset was implemented to stop more unauthorized access. Third-party cybersecurity professionals investigated the incident, which confirmed that a few staff email accounts were viewed by an unauthorized third party from July 20, 2023 to October 6, 2023. The accounts were evaluated to find out the types of information that was compromised, and that procedure was finished on February 26, 2024.

Bluebonnet Trails Community Services stated that the PHI of 76,165 people were exposed, which include names along with at least one of these data: birth date, Social Security number, driver’s license or state ID number, medical data, medical insurance data, financial account number, full-access credentials, and government-issued ID number. The policies and procedures of Bluebonnet Trails Community Services was reviewed in terms of data privacy and security. Extra safety measures were implemented to avoid the same incidents down the road.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy