JDC Healthcare Management based in Dallas, TX, which manages around 70 Jefferson Dental & Orthodontics practices in Texas, informed the Office of the Attorney General of Texas on March 17, 2022 that a security breach has affected about 1 million Texans.
On or about August 9, 2021, JDC Healthcare Management discovered malware inside its IT network. The forensic investigation of the data breach confirmed the download of malware onto its systems on July 27, 2021.
Additional details on the data breach are now available. JDC Healthcare Management revealed that the malware granted unauthorized people access to its IT network from July 27, 2021 to August 16, 2021. The forensic investigation affirmed that attackers viewed or duplicated data on its systems that included the electronic protected health information (ePHI) of patients.
JDC Healthcare Management mentioned in its March 2022 breach notification letters that the extensive evaluation of the impacted files is ongoing, however, it has been affirmed that the types of compromised ePHI contained names, Social Security numbers, dates of birth, driver’s license numbers, financial data, health insurance details, and medical data.
JDC Healthcare Management stated in its breach notification letters that upon discovery of this incident, it moved immediately to investigate the incident and respond, evaluate the security of its systems, reestablish functionality to its environment, and alert potentially impacted persons.
JDC Healthcare Management mentioned it is going over and improving its current policies and procedures to lessen the probability of more security breaches. Impacted people were told to examine their accounts, explanation of benefits statements, and free annual credit reports, though the breach notification letters did not mention credit monitoring and identity theft protection services being provided. JDC Healthcare Management stated that when issuing notification letters, it did not know of any attempted or actual misuse of patient information.
Notification letters are currently being delivered and the incident report will be submitted to the HHS’ Office for Civil Rights. The breach report filed with the Texas Attorney General claims there were 1,026,820 Texans’ ePHI possibly exposed.
Wheeling Health Right Inc. Encounters Ransomware Attack
Wheeling Health Right Inc. in West Virginia has stated it experienced a ransomware attack in January 2022. The security breach was identified on January 18, 2022. Files on its IT systems were not accessed. Wheeling Health Right mentioned it involved legal counsel and a data breach remediation company to look into the attack and know the magnitude to which its systems were breached.
An assessment of all files on the affected areas of its systems established they included sensitive patient and employee information including full names, phone numbers, addresses, email addresses, Social Security numbers, driver’s license numbers, tax details, income details, medical record numbers, and medical data of patients who applied for or acquired Wheeling Health Right’s services.
Wheeling Health Right stated its IT service provider decrypted, retrieved, and rebuilt its systems, launched a password reset for all system users, enforced multi-factor authentication for worker email accounts, and installed extra endpoint detection and response software. More privacy and security measures were also implemented, which include providing extra cybersecurity training to the employees.
Wheeling Health Right stated impacted persons were informed on March 18, 2022, and were given identity monitoring without no cost for a year. The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is currently uncertain how many persons were affected.