Potential PHI Exposure Due to Rhode Island Healthcare Provider and California Hospice Security Breaches

2,943 patients of Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) received notifications concerning the compromise of some of their health information due to unauthorized server access. A hacker got access to the network of RIENT on June 19, 2019.

RIENT discovered the breach on the day it occurred and promptly secured its system. A third-party computer forensics firm investigated the breach to determine its nature and extent.

The compromised servers contain RIENT patients healthcare records but not for all patients – only those who received healthcare assistance on May 1, 2019 up to June 12, 2019. The forensic team found no evidence that suggests the viewing or replicating of patient information and there was no report obtained that indicate patient data misuse.

For many of the affected patients, the data that was compromised only included names, birth dates, and clinical information. Some patients’ Social Security numbers were likewise compromised.

RIENT provided credit monitoring and identity theft protection services for free to patients whose Social Security numbers were exposed. The provider also implemented additional technical safety procedures to improve security posture and prevent identical attacks from happening again.

California Hospice Breach Due to Ransomware Attack
The Hospice of San Joaquin based in Stockton, CA reported the ransomware attack on its network on July 2, 2019 resulting to the access of its servers, which contain some patients’ protected health information (PHI).

Even though the attackers got access to the patient data, the hospice is convinced that there was no viewing, misuse or theft of any personal information by the attackers.

Since unauthorized data access or theft can’t be ruled out 100%, the hospice sent breach notification letters to its patients. The compromised patient data included their complete name, residence address, diagnoses, other sensitive information and patient ID number.

The hospice also toughened their security procedures to prevent similar attacks from occurring again.