Patient Data Exposed Because of a Phishing Attack on UC San Diego Health
UC San Diego Health recently sent a report to the California Attorney General regarding a phishing attack that was identified on January 9, 2024, wherein patients’ sensitive information was breached. Two Hillcrest Medical Center staff answered the phishing emails and exposed their credentials, consequently enabling unauthorized individuals to log into their email accounts. UC San Diego Health mentioned the email accounts were viewed for short periods between January 9, 2024 and January 22, 2024.
An evaluation of the compromised emails and attachments was finished on February 26, 2024, and revealed that they included patients’ protected health information (PHI) like names, Social Security numbers, and one or more of these data: birth date, email address, mailing address, medical record number; health insurance details; treatment cost data; and/or clinical data, for instance, medicines, provider name or diagnosis.
UC San Diego Health stated it is boosting its security settings and will give phishing awareness training and education to its workers. Breach notification letters are being mailed to the affected people. Free credit monitoring and identity theft protection services are likewise being made available. It is currently not clear how many persons are impacted.
Patient Data Compromised at Littleton Regional Healthcare
Littleton Regional Healthcare based in New Hampshire recently announced a breach of the PHI of 12,614 persons. On January 2, 2024, a staff member sent an email including patients’ names and dates of birth to someone who was not permitted to obtain the data. That person contacted Littleton Regional Healthcare to report the problem on the same day and affirmed that the information in the message was not given to any individual and that the email message was erased. Littleton Regional Healthcare has informed the affected people, assessed the guidelines and protocols, and has offered additional training to staff members to lessen the probability of the same errors later on.
Over 3,300 Individuals Impacted by Texas Health and Human Services Commission Breach
The Texas Health and Human Services Commission (HHSC) uncovered an impermissible disclosure of the personal data of 3,392 people. On January 11, 2024, an employee sent spreadsheets with sensitive information to a personal email account. The spreadsheets comprised the personal details of persons who live in or near Longview, Texarkana Tyler, Beaumont, Nacogdoches, and Marshall, and involved complete names, addresses, phone numbers, financial data, medical details, Social Security numbers, and Medicaid numbers. The spreadsheets were delivered in a few emails from September 2023 to October 2023.
The breach investigation finished on February 2, 2024, and notification letters were mailed to the impacted persons, who were given one year of complimentary credit monitoring services. HHSC mentioned it didn’t find any proof that indicates the disclosure of the spreadsheets to any other individuals or the misuse of the data. Supplemental training was given to the personnel to remind them of the benefits of securing private information.
Software-Associated Security Breach at UT Southwestern Medical Center
UT Southwestern Medical Center recently gave a breach notification to the Texas Attorney General involving the PHI of 2,094 persons. At this stage, little information concerning the data breach is provided, however, the medical provider has stated that the breach wasn’t caused by a cyberattack and was linked to the usage of unapproved applications. The exposed data included names, birth dates, addresses, health details, and medical insurance data. UT Southwestern Medical Center is already preparing the notification letters, which will be sent by mail soon.
