A review of data breaches that were reported to the HHS’ Office for Civil Rights and state attorneys general.
Blue Shield of California
Blue Shield of California has begun informing a number of health plan members concerning a privacy breach by one of its workers. The staff member sent a spreadsheet that contain plan members’ names, telephone numbers, Social Security numbers, email addresses, addresses, and/or Taxpayer ID numbers from his/her account at work to a private email account on June 17, 2022. Privacy Officer David Keystone of Blue Shield of California stated it found out about the privacy violation on October 30, 2022, and the worker was questioned and told to erase the email message and any spreadsheet copy.
Due to the incident, Blue Shield of California toughened its system recognition tools to avoid more impermissible PHI disclosures. As a preventative measure against identity theft, impacted people were given free 12-month access to a credit monitoring and identity theft protection service.
The number of persons affected is not yet confirmed.
Medstar Mobile Healthcare
The emergency and non-emergency ambulance service of Medstar Mobile Healthcare based in Tarrant County, TX just reported that it suffered a cyberattack leading to the likely compromise of patient information. Suspicious system activity was discovered on October 20, 2022, and it was afterward affirmed that an unauthorized third party had acquired access to areas of the network that stored patient data. It cannot be confirmed whether the files were viewed or stolen. The evaluation of the files showed they mainly included non-monetary billing details only; nevertheless, a number of persons likewise had their complete name, birth date, contact data, and some medical data revealed. The breach investigation is in progress.
The number of impacted persons remains unsure.
Pediatrics West & Allergy West
Pediatrics West & Allergy West based in Massachusetts have informed 1,364 patients concerning the unauthorized access to some of their PHI that was kept on its system. The provider detected the data breach on October 17, 2022 and the forensic investigation confirmed that unauthorized access happened from August 19, 2021, to August 15, 2022. The data records on the network contained names, contact details, birth dates, demographic details, diagnosis and treatment details, prescription data, medical record numbers, dates of service, provider names,
and/or medical insurance details. Pediatrics West mentioned it has put in place extra security measures and technical security procedures to further secure and keep track of its IT infrastructure.
Mailing Error at The Louis A. Johnson VA Medical Center
The Louis A. Johnson Veterans’ Administration Medical Center located in West Virginia has lately reported a privacy breach regarding the PHI of 736 people. There was an error in a mailing to veterans resulting in the full Social Security numbers being readable on the letters. Impacted veterans were advised through the mail and were provided complimentary access to credit monitoring services. The VA has likewise created a work group to look into the mailing process to evaluate possible vulnerabilities, and more controls will be used to prevent the same issues later on.