Three email incidents were lately announced by CareOregon Advantage, University Medical Center Southern Nevada, and Ultimate Care. A total of 38,485 individuals were affected.
PHI of CareOregon Advantage Members Compromised Because of Misdirected Email
CareOregon Advantage, the medical insurance agency based in Portland, OR, has begun informing 10,467 plan members concerning an impermissible disclosure of their protected health information (PHI). On January 27, 2022, an email message that contains an attachment with plan member data was provided to a hired consultant by mistake.
The consultant promptly advised CareOregon Advantage regarding the blunder and permanently erased the email and file attachment. The attached file comprised information like member names, ID numbers, Medicare/Medicaid numbers, and dates of birth. CareOregon Advantage thinks the threat of misuse of member information is minimal.
CareOregon Advantage stated its investigation affirmed that it has the appropriate policies and procedures set up to handle these types of events and those policies and protocols are assessed every year. The staff member who mailed the email was provided with more training.
15,788 People Affected by Phishing Attack on Ultimate Care
Ultimate Care, the home care agency located in Brooklyn, NY, has lately reported that unauthorized persons
accessed some staff email accounts right after staff members clicked on phishing emails. When the security breach was noticed, fast action was undertaken to protect its email platform and a forensic investigation was begun to find out the extent of the breach.
The forensic investigation results confirmed that unauthorized individuals accessed the email accounts between April 7, 2021 and June 2, 2021. A manual assessment of all emails within the accounts established they included names, as well as at least one of these types of data: passport numbers, driver’s license numbers, Social Security numbers, dates of birth, financial account data, credit or debit card details, medical details, health insurance policy data, and/or user ID and passwords.
Ultimate Care mentioned there were no reports acquired that suggest the improper use of any patient data; nonetheless, as a preventative measure against identity theft and fraud, persons whose Social Security numbers were affected were given free one-year memberships to a credit monitoring company. Notification letters were delivered to impacted people on February 22, 2022.
The breach report was submitted to the HHS’ Office for Civil Rights stating that 15,788 people were affected.
Business Associate Email Breach Impacted University Medical Center Southern Nevada Patients
University Medical Center Southern Nevada (UMC) has just affirmed the possible exposure of the PHI of 12,230 individuals was possibly exposed in a cyberattack on a business associate: The healthcare software program supplier Advent Health Partners (AHA).
AHA learned about the email breach at the beginning of September 2021 and established on December 2, 2021, that files that contain the PHI of its healthcare company clients were viewed. The files comprised first and last names, drivers’ license information, Social Security numbers, birth dates, medical insurance details, medical treatment data, and financial account details. AHA sent notification letters concerning the attack on January 6, 2021. Advent Health Partners sent the breach report revealing that 1,383 persons were impacted, nevertheless, a few of its clients, such as UMC, reported the incident independently.
This is UMC’s third reported data breach in the past 1.5 years. UMC suffered a REvil ransomware attack in June 2021 that led to the theft of the PHI of 1.3 million people, and last March 2021, UMC confirmed an unauthorized access/disclosure incident impacting 1,833 persons.