Data Breaches Announced by Memorial Health System, MedQuest Pharmacy, and Oscar Health Plan of California

Memorial Health System in Ohio has reported that the ransomware attack it suffered in August 2021 likely affected the protected health information (PHI) of 216,478 patients. Because of the attack, the health system had to divert a number of patients to other facilities and cancel several appointments to ensure patient safety. The hospital reported the attack soon after the incident, which took place on August 14, 2021. The investigation revealed that the initial breach of its systems occurred on July 10, 2021.

The health system notified the HHS’ Office for Civil Rights about the incident quickly, though at the time it was not known how many people were affected. Memorial Health System learned on or around September 17, 2021, that patient information might have been affected, and then undertook a thorough analysis of all impacted files. The extent of the breach was identified on November 1, 2021, but it took until December 9, 2021, to confirm which people were affected and the particular types of information involved, which delayed the notifications. Written notices were sent to impacted individuals on or around January 12, 2022.

The exposed and potentially exfiltrated data included names, Social Security numbers, addresses, health/treatment data, and health insurance details. Impacted individuals were offered a complimentary one-year membership to Kroll’s credit monitoring service. Memorial Health System has since implemented additional safeguards to strengthen its security posture.

MedQuest Pharmacy Data Breach Impacts 39,447 Persons

In the middle of December, MedQuest Pharmacy began notifying 39,447 individuals about the probable exposure of some of their protected health information in a cyberattack that was discovered on November 18, 2021. With the assistance of its parent companies, Innovations Group and UpHealth Inc, and third-party cybersecurity professionals, MedQuest determined that the attackers first gained access to its networks on October 27, 2021. The unauthorized access was stopped on October 30, 2021.

A detailed assessment of all affected systems showed that the attackers possibly viewed or obtained the following types of information: names, dates of birth, addresses, email addresses, phone numbers, sex, medical record numbers, medical data, medication details, date(s) of treatment, referring physician names, health insurance policy numbers (such as Medicare or Medicaid numbers), and internal MedQuest patient identification numbers.

MedQuest explained that, for a limited number of people, the driver’s license number, Social Security number, financial account/payment card data, medical insurance claim number, policy data, and/or claim/appeal details were also compromised. All impacted individuals have been offered a free 12-month membership to credit and identity monitoring services with Equifax.

Oscar Health Plan of California Informs Members Regarding Third Party Mailing Error Incident

Oscar Health Plan of California has begun notifying 7,632 individuals about a printing vendor error that resulted in their statements being sent to the wrong health plan member.

According to the latest press release, the problem affected mailings sent from October 28, 2021 to November 16, 2021. The statements contained a limited amount of plan member data, such as name, health plan ID number, claim number, provider details, treatment/service name, date(s) of service, and plan name/affiliation. In each case, the statement was mailed to just one other plan member.

Oscar Health Plan instructed its printing vendor to implement additional safeguards to prevent the same mailing error from recurring, and it has received no information indicating any improper use of plan members’ data.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism.