The home help service provider known as Home Care Providers of Texas (HCPT) based in Dallas, TX recently reported that unauthorized persons acquired access to its system and encrypted files using ransomware. The company detected the security breach on June 29, 2022, when staff members could not access patient files. Top-rated third-party cybersecurity professionals investigated the breach to find out the nature and extent of the data breach. It was confirmed that the attackers got access to its system from June 15, 2022 to June 29, 2022. At that time, the attackers exfiltrated files from the system that included names, addresses, birth dates, treatment or diagnosis data, medication details, and Social Security numbers.
The delay in sending notification letters was because of the long procedure of going over all files possibly viewed or acquired to find out which people were impacted. That procedure was done on November 15, 2022. Impacted persons were instructed to check their accounts, credit reports, and explanation of benefits statements for suspicious activity. HCPT mentioned steps were undertaken to enhance cybersecurity.
The incident is not yet posted on the HHS’ Office for Civil Rights breach website. Nevertheless, notification has been sent to the Texas Attorney General indicating that 124,363 Texas residents were affected.
Hacking Incident at Circles of Care, Inc. Impacts 61,170 Persons
Circles of Care based in Florida provides behavioral care services. It has just been reported that worker and patient data was possibly exposed during a cyberattack in September 2022. The provider detected suspicious activity within its system on September 21, 2022. It was confirmed by the investigation that an unauthorized third party acquired access to the system on September 6, 2022.
On November 29, 2022, the forensic investigation confirmed that the unauthorized persons accessed areas of the system that contained patient and staff data for instance, names, birth dates, addresses, telephone numbers, driver’s license numbers, Social Security numbers, bank routing, and account numbers, names of providers, service dates, medical account numbers, diagnoses, and clinical procedure codes. That data was likely viewed or obtained, though, during the issuance of notifications, there were no reports of data misuse. Impacted persons were instructed to be cautious against cases of identity theft and fraud by going over their explanation of benefit forms and account statements.
Circles of Care has reported the breach to the HHS’ Office for Civil Rights indicating that 51,170 persons were affected.
Impermissible Disclosure of Health Network States Tracking Technologies
Community Health Network based in Indianapolis, IN just lately reported the use of tracking technologies on the web page and patient website of its affiliated company, Fishers Digestive Care, which led to the impermissible disclosure of patient information to third parties. The disclosed data contained names, medical record numbers, consultations, IP addresses, insurance plan, healthcare provider data, and communications between individuals and others via the MyChart patient website. The magnitude to which every person was impacted cannot be confirmed and would need interactions on the web page and patient website.
Community Health Network previously reported the data breach to the Office for Civil Rights as impacting around 1.5 million individuals. It is presently unclear how many Fishers Digestive Care patients were impacted, and if they are contained in the 1.5 million total.