PHI Exposed at Medical Associates of the Lehigh Valley and TennCare

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) reported that its network lately encountered an advanced ransomware attack. The provider discovered the attack on July 3, 2022, and took quick action to control the attack and stop more unauthorized network access. Third-party forensics experts assisted in the investigation to find out the nature and extent of the attack.

According to MATLV, the investigation didn’t find any proof that indicates the misuse of patient data, however, the attacker accessed portions of the network that comprised files with the protected health information (PHI) of 75,628 persons, which could have been accessed or extracted during the attack. The files included names, birth dates, addresses, email addresses, Social Security numbers, state ID numbers, driver’s license numbers, medical insurance company names, health diagnoses, treatment details, prescription drugs, and laboratory results. The types of data compromised in the attack differed from person to person.

Cybersecurity experts examined the security procedures that were enforced before the attack. MATLV reinforced the security according to their recommendations. Impacted persons were encouraged to keep track of their explanation of benefits statements and bank accounts. Suspicious activity is to be reported immediately.

TennCare Reports Unintentional Compromise of Patients’ PHI

TennCare, the Medicaid program in Tennessee, has just informed around 1,700 patients regarding the accidental compromise of some of their PHI. Based on TennCare officials’ issued statement, a new program was used that accidentally connected individuals in one household with individuals in another household, when those households involved a few identical individuals.

The matter was quickly identified and remedied, however for a brief period, the names and ages of impacted persons and their dependents could have been apparent to other individuals who in the past were included in a similar case file. For 15 persons, more sensitive data was obvious for instance Social Security number, birth date, and address. Although the chance of data misuse is considered to be low, impacted persons were provided a free membership to an identity theft protection and credit monitoring service for 12 months, including an identity theft insurance policy valued at $1 million.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone