Breach Reports Submitted by Fairfield County Implants and Periodontics, Los Angeles County Department of Mental Health, and Scott County

Fairfield County Implants and Periodontics (FCIP) based in Connecticut has lately stated that an unauthorized person accessed an email account. FCIP confirmed on March 2, 2022 the inclusion of the protected health information (PHI) of some patients in the breached email account. The analysis of the email account revealed the exposure of the following types of data: names, addresses, birth dates, telephone numbers, email addresses, Social Security numbers, medical insurance data, and medical background and treatment data.

Notification letters had been delivered to affected patients on April 15, 2022. FCIP stated there was no proof of actual or attempted patient data misuse received during the time of giving the notification letters. Impacted persons were provided two years of complimentary credit and CyberScan monitoring.

FCIP reported the breach to the HHS’ Office for Civil Rights as impacting around 10,502 people.

Los Angeles County Department of Mental Health, California

Los Angeles County Department of Mental Health lately announced a breach that affected three email accounts of its employees. The compromise of the email accounts on October 19, 2021 happened because the employees responded to phishing emails. It wasn’t possible for the forensic investigators to know for sure whether any sensitive data was accessed or copied, nevertheless, the chance of unauthorized information access cannot be eliminated.

An evaluation of the impacted email accounts showed they included these kinds of data: names, addresses, birth dates, Social Security numbers, driver’s license numbers, medical and/or health data, medical insurance details, SSID student ID, and/or bank account numbers. Upon discovery of the breach, immediate action was undertaken to protect the accounts, Network credentials had all been reset. Supplemental safety measures have already been executed.

The breach report was submitted to the HHS’ Office for Civil Rights, despite the fact that it isn’t presently published on the breach portal, therefore it is uncertain how many people were impacted.

Scott County, Iowa

Scott County located in Iowa has reported that it suffered a cyberattack that was identified on November 30, 2021. The employee’s email account was found to have been employed to send suspicious email messages to internal and external email accounts. The following forensic investigation affirmed that the three employees’ email accounts were compromised and viewed by an unauthorized person on October 27, 2021.

An audit was performed on all emails in the email accounts. On February 22, 2022, that process was finished and confirmed that the email accounts comprised the sensitive data of customers, the employees of Scott County, and other people who acquired medical treatment or medical assistance from Scott County. The email accounts contained information like names, addresses, birth dates, Social Security numbers, health data, medical insurance details, and financial account data. At this time, there is no proof of actual or attempted improper use of sensitive information discovered.

The breach is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently uncertain how many people were affected.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone