PHI Exposed in Breaches at CorrectHealth, Peter Brasseler, and Gifted Healthcare

CorrectHealth Informs 54,000 Individuals Concerning the Email System Breach in November 2021

CorrectHealth based in Alpharetta, GA is informing patients concerning a compromise of its email system. The data breach was discovered on November 10, 2021. The investigation proved that an unauthorized person accessed a number of staff members’ email accounts. Legal advice for CorrectHealth stated the third-party forensic investigation of the security incident finished on January 28, 2022. It was confirmed that the breached email accounts of the patients contained protected health information (PHI).

A thorough analysis of the affected accounts was done from March 2022 to July 2022 to find out the particular data that was impacted. The information that was compromised in the breach were: names, addresses, Social Security numbers. CorrectHealth explained it is not aware of any misuse of patient data.

CorrectHealth mailed notification letters on August 25, 2022 and offered complimentary credit monitoring and identity theft protection services to the affected persons. Prompted by the breach, CorrectHealth has applied extra safety measures, such as implementing an enhanced phishing service, placing disclaimers on all email messages gotten from the outside, applying multi-factor authentication for the admin team, and just one login solution for clinical personnel. CorrectHealth is likewise doing weekly data protection and simulated phishing training every month.

The provider submitted the report to the Maine attorney general as impacting 54,066 persons.

Brasseler Patients Impacted by Ransomware Attack

Peter Brasseler Holdings, LLC located in Savannah, GA lately reported that it experienced a ransomware attack. It identified the attack on June 24, 2022 and launched an investigation. It was established that the files comprised the protected health information (PHI) of patients kept in areas of the impacted systems and were seen or acquired in the incident. The breach additionally affected Brasseler U.S.A. Medical, LLC. and Brasseler U.S.A. Dental, LLC., its subsidiaries.

The incident investigation is in progress, nevertheless, it was affirmed that these types of data were likely exposed: names, ID numbers given by the government for example driver’s license numbers, Social Security numbers, and passport numbers; financial account details, for example, credit and debit card numbers; health and insurance details; and other data, like birth dates.

The breach report was sent to the Maine attorney general showing that 3,353 people were impacted. Brasseler provided to the afflicted persons a free two-year membership to Experian’s IdentityWorks credit checking and identity theft protection support.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone