K and B Surgical Center and Healthpointe Medical Group Inform Patients Concerning Hacking Incidents

K and B Surgical Center located in Beverley Hills, CA uncovered that an unauthorized person accessed its computer system. The healthcare provider discovered the security breach on March 30, 2021, and a third-party forensic investigation confirmed the breach of its network between March 25 and March 30.

When K and B Surgical Center became aware of the breach, it did something to stop the attacker from continuing to access its system. It launched an investigation to find out the scope of the breach. On April 27, 2021, the investigation determined that the attacker acquired access to portions of the network that had the protected health information (PHI) of patients.

Data mining was done on the impacted servers to find out which types of information were compromised and which patients were impacted. K and B Surgical Center mentioned in its breach notification letters issued on September 3, 2021 that it only got the finalized list of affected patients on July 27.

The types of data, which the attacker probably accessed and/or exfiltrated are the following: Names, phone numbers, addresses, driver’s license numbers, diagnoses, treatment and prescription data, provider names, Medicare/Medicaid numbers, patient IDs, lab test results, health insurance data, and treatment cost details. During the issuance of breach notification letters, there were no reports received regarding any cases of actual or attempted misuse of patient records because of the security breach.

As a whole, there were 14,772 people that got the notification letters. as a preventative measure against identity theft and fraud, K and B Surgical Center provided the affected persons with one year of complimentary credit monitoring and identity theft restoration services.

Right after the security breach, passwords were modified for all account users, email accounts and VPN connections. K and B Surgical Center additionally installed new anti-virus security programs and threat monitoring systems on all computer systems. The staff was retrained regarding security, its Security Rule risk analysis got updates, and routine security audits are going to be performed to determine possible vulnerabilities.

Healthpointe Medical Group Alerts Patients With Regards to Hacking Incident

Healthpointe Medical Group based in Portland, OR has advised a number of patients concerning a hacking incident and the compromise of their PHI.

Healthpointe identified suspicious activity on several servers on or around June 9, 2021 and immediately took action to protect its IT systems. A prominent computer forensics company investigated the character and extent of the breach. On July 7, 2021, the investigation result showed the attacker had obtained access to data files or folders that included patient files. An assessment of those records and directories was accomplished on July 27 and established they comprised names, Social Security numbers and addresses. Healthpointe started mailing notification letters to impacted people at the end of August.

Healthpointe has carried out an organization-wide password reset, made updates to its firewalls, enlarged the usage of multi-factor authentication, and performed other measures to strengthen its security standards. Impacted persons were instructed they could acquire one year of identity theft protection services from IDX for free and will be covered by a $1 million identity theft insurance plan.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone