Data Breaches at Covenant Healthcare, University Hospital, And Fisher-Titus Medical Center

Covenant Healthcare based in Saginaw, MI has found out that an unauthorized person obtained access to two email accounts of staff members. The account contained the protected health information (PHI) of about 45,000 patients. The provider discovered the security breach on December 21, 2020, and the investigation of the email breach revealed that the first email account had been breached on May 4, 2020.

An assessment of the compromised email accounts showed they comprised these types of PHI: Names, birth dates, addresses, Social Security numbers, driver’s license numbers, medical diagnosis and clinical details, medical treatment data, medicine data, patient account numbers, medical record numbers, doctors’ names, and health insurance details.

Affected people were instructed to put a fraud notification on their accounts and to keep an eye on their account reports for indications of unauthorized transactions. It appears that the affected persons were not offered complimentary credit monitoring.

Covenant Healthcare’s website breach notification declares that it is dedicated to securing patients’ personal information and promised to constantly examine and alter procedures and internal controls to boost security and privacy.

University Hospital in Newark, New Jersey

University Hospital located in Newark, NJ, has learned that an unauthorized person obtained access to its computer system and possibly looked at and downloaded patient data. The hospital discovered the breach on September 14, 2020, and found out that the network had been compromised for four days already.

A forensic investigation showed the attacker most likely acquired access to names, dates of birth, addresses, Social Security numbers, passport numbers, driver’s license numbers, state ID numbers, insurance data, financial details, medical record numbers, and certain clinical data.

Impacted persons got offers of free one-year identity theft protection and credit monitoring services membership. University Hospital has already made steps to strengthen its safety practices to avert more breaches.

Fisher-Titus Medical Center in Norwalk, Ohio

An unauthorized individual has acquired access to the email account of a staff of Fisher-Titus Medical Center located in Norwalk, OH. The initial access of the email account happened in August 2020 and it stayed accessible probably up to October 2020 when the breach was uncovered and the email account was protected.

The long wait in distributing notices to impacted people was a result of the time consumed to inspect the breach. Third-party cybersecurity specialists carried out their enquiry on January 13, 2020. The medical center distributed breach notices on February 18, 2021.

The medical center confirmed the breach affected patient names, medical details including diagnoses, clinical data, medical insurance details, Social Security numbers, and debit/credit card numbers. impacted persons whose Social Security number was likely affected were given free of charge membership to credit monitoring services for A year.

Extra security measures have already been put in place, such as adjustments to the password policy, upgraded antivirus software program, enhancements to external firewalls, and email retention policies were adjusted and monitoring boosted. A new anti-phishing system was at the same time carried out.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone