PHI Exposed Due to Cyberattack at Priority Health, Living Innovations, and MultiCare Health System

The health plan provider Priority Health located in Michigan has announced that it was affected by a data breach involving its business associate, the law company Warner Norcross & Judd (WNJ).

Steps were quickly undertaken to stop further unauthorized access upon finding suspicious network activity by WNJ on October 22, 2021. A digital forensics organization helped with the investigation and affirmed that attackers had acquired access to sections of its system that comprised the protected health information (PHI) of around 120,000 of Priority Health’s health plan members.

The impacted records contained names, and pharmacy claims data from selected prescriptions issued in 2012, which include medicine names, dates of filling the prescription, and insurance company names. WNJ mentioned it did not find any evidence of misuse of plan members’ information, although the chance of data theft can’t be excluded.

WNJ stated Priority Health was alerted with regards to the security breach n June 6, 2022 – More or less 8 months after finding out about the security breach.

PHI Compromised Because of BEC Attack on Living Innovations

Living Innovations, a company offering its services to persons with handicaps, has affirmed that unauthorized persons obtained access to the email accounts of a number of employees from June 6 to June 14, 2022, as a result of responding to phishing email messages. The email security incident was discovered on June 7, 2022, upon detection of abnormal email account activity.

The attack was likely carried out to attempt to redirect invoice payment to an account managed by the threat actor, instead of to access patient data; nevertheless, unauthorized access to patient data cannot be eliminated. An evaluation of the impacted email accounts showed they included patient information like names, client medical insurance details, Medicaid data, Social Security numbers, and limited information linked to services acquired at Living Innovations.

Living Innovations mentioned it didn’t uncover any proof of misuse or theft of patient data; nonetheless, as a preventative measure, affected people were provided free credit monitoring and identity theft protection assistance. Extra training was given to workers regarding how to recognize and stay away from phishing emails.

The breach report was sent to the HHS’ Office for Civil Rights stating that approximately 4,000 people were impacted.

18,615 MultiCare Health System Patients Impacted by Avamere Health Services Cyberattack

MultiCare Health Services has reported that it was impacted by the cyberattack on Avamere Health Services, a business associate. The breach notification explained that a threat actor acquired access to Avamere Health Services’ systems and possibly erased the data of patients who obtained services from MultiCare from September 2016 to November 2021.

The persons impacted by the breach had utilized the Connected Care Network, a branch of MultiCare Health Services. Impacted persons were provided free identity theft protection and credit monitoring services.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone