JDC Healthcare Management located in Dallas, TX, which operates over 70 Jefferson Dental & Orthodontics practices all over the state of Texas, notified the Office of the Attorney General of Texas on March 17, 2022 that a security breach has impacted over 1,000,000 Texans.
On or approximately August 9, 2021, JDC Healthcare Management identified malware in its IT system. The forensic investigation of the data breach confirmed the installed malware in its network on July 27, 2021.
Additional facts on the data breach are now available. JDC Healthcare Management mentioned that the malware allowed unauthorized people access to its IT systems between July 27, 2021 and August 16, 2021. The forensic investigation affirmed that attackers accessed or stolen data on its systems that covered the electronic protected health information (ePHI) of patients.
JDC Healthcare Management revealed in its March 2022 breach notification letters that the thorough evaluation of the affected files is in progress, nevertheless, it has been affirmed that the types of compromised ePHI involved names, Social Security numbers, birth dates, driver’s license numbers, financial data, health insurance details, and health data.
JDC Healthcare Management mentioned in its breach notification letters that after knowing about this incident, it moved swiftly to investigate the incident and take action, examine the security of its network, recover functionality to its setting, and inform potentially affected persons.
JDC Healthcare Management stated it is examining and bettering its present policies and procedures to cut down the possibility of additional security breaches. Afflicted people were instructed to verify their accounts, explanation of benefits statements, and free yearly credit reports, even though the breach notification letters did not mention credit monitoring and identity theft protection services being provided. JDC Healthcare Management mentioned that at the moment of issuing notification letters, it didn’t know of any actual or attempted improper use of patient information.
Notification letters are currently being mailed and the breach report will be sent to the HHS’ Office for Civil Rights. The breach report sent to the Texas Attorney General states there were 1,026,820 Texans’ ePHI possibly breached.
Wheeling Health Right Inc. Experiences Ransomware Attack
Wheeling Health Right Inc. in West Virginia has reported it encountered a ransomware attack last January 2022. The security breach was discovered on January 18, 2022. Data contained in its IT systems weren’t accessed. Wheeling Health Right stated it acquired legal help and a data breach remediation agency to look into the attack and find out the scope to which its systems were breached.
An assessment of all files on the impacted sections of its systems established they comprised sensitive patient and employee data for instance full names, telephone numbers, addresses, email addresses, Social Security numbers, medical record numbers, driver’s license numbers, tax details, income details, and medical data of patients who applied for or got Wheeling Health Right’s services.
Wheeling Health Right says its information technology service provider decrypted, brought back, and rebuilt its systems, started a password reset for all system clients, applied multi-factor authentication for worker email accounts, and installed further endpoint detection and response software program. More privacy and security measures were likewise used, such as giving supplemental cybersecurity training to the personnel.
Wheeling Health Right mentioned affected people were advised on March 18, 2022, and were given identity monitoring for nothing for one year. The incident is not yet published on the HHS’ Office for Civil Rights breach site, thus it is presently not clear how many persons were impacted.