Refuah Health Center located in New York has just commenced informing 260,740 patients regarding a security breach that happened more or less a year ago. The April 29, 2022 announcement on the healthcare provider’s website states it uncovered unauthorized access to its system between May 31, 2021 and June 1, 2021. Upon knowing about the breach, the health center launched an investigation to figure out the nature and magnitude of the cyberattack, and a detailed review was then done on all records that were possibly accessed.
Refuah Health Center mentioned it learned on March 2, 2022, that the attackers had exfiltrated certain files from its network that included “a limited amount” of patients’ protected health information (PHI), such as names along with one or more of the following data elements: driver’s license numbers, state identification numbers, dates of birth, Social Security numbers, bank/financial account details, debit/credit card details, medical treatment/diagnosis data, Medicare/Medicaid numbers, patient account numbers, medical record numbers, and/or medical insurance policy numbers. The provider started sending notification letters to impacted people on April 29, 2022, and offered free credit monitoring services to persons whose Social Security numbers were probably compromised.
Though Refuah Health Center didn’t reveal additional data concerning the character of the attack, databreaches.net reported that the attack looks like executed by the Lorenz ransomware gang, which included Refuah Health Center to its collection of victims on its data leak site on June 11, 2021, though that entry is already removed.
Quantum Imaging Therapeutic Associates Patients’ PHI Exposed
Professional diagnostic radiology services provider Quantum Imaging Therapeutic Associates based in Lewisberry, PA lately sent notification letters to patients informing them about the exposure of their PHI. The data security breach was identified and blocked on October 7, 2021.
At that time of distributing notification letters, there was no information that indicated the attackers’ access or theft of any patient data, even though it wasn’t possible to eliminate the possibility. The compromised segments of its system comprised patient records including names, birth dates, addresses, Social Security numbers, and details linked to the radiology services offered.
After stopping the attack, Quantum started an investigation with the help of third-party IT experts and has now examined its network environment and made developments to security. Quantum will likewise be keeping track of the threat landscape tightly and will take proactive measures to handle new threats. Affected people have been provided complimentary identity theft protection services.
The incident is not yet published on the HHS’ Office for Civil Rights breach portal, thus it is uncertain how many persons were affected.
Email Security Incident Reported by RiverKids Pediatric Home Health Reports
RiverKids Pediatric Home Health based in Texas has lately begun informing 3,494 patients about the potential viewing or theft of some of their PHI due to an email security incident. RiverKids found out on March 15, 2022 that an unauthorized person had acquired access to the email account of a worker. The breach investigation confirmed the compromise of multiple employee email accounts. The accounts review also confirmed they included patient data like names, dates of birth, addresses, and medical insurance member IDs. There was no compromise of financial data or Social Security numbers.
RiverKids said additional email security measures have been implemented to prevent further security incidents.
