Horizon House, Inc. based in Philadelphia, PA provides mental health and residential treatment services. It reported a hacking incident that affected its IT systems resulting in the potential compromise of the protected health information (PHI) of 27,823 people.
Horizon House discovered suspicious activity in its computer systems last March 5, 2021. It started an investigation to find out the nature and extent of the data breach, which showed an unauthorized person got access to its systems from March 2 to March 5, 2021.
An analysis of files kept on the breached systems was finished on September 3, 2021. The files included PHI like names, Social Security numbers, state identification card numbers, driver’s license numbers, addresses, birth dates, financial account data, medical claim details, patient account numbers,
medical record numbers, medical diagnoses, medical treatment notes, medical data, medical insurance data, and medical claims data.
All persons impacted by the incident were informed and instructed to keep track of their accounts and explanation of benefits statements for hints of falsified activity. Horizon House is reviewing current guidelines, procedures, and security protocols and will improve them to avoid more data breaches.
Devices Containing PHI Stolen During a Samaritan Center of Puget Sound Encounters Break-in
The offices of Samaritan Center of Puget Sound located in Seattle, WA discovered on July 19 that a break-in happened during the weekend of July 17/18, 2021. A computer, server, and other electronic equipment were stolen.
Samaritan Center stated that the offices had been locked and the computer and server had password protection; nevertheless, passwords could be brute-forced therefore it’s likely that the burglars could access the PHI contained in the devices.
The information contained in the server includes agency information such as client names, addresses, telephone numbers, dates of service, copies of charting content, diagnoses, copies of deposited checks, training videos, Social Security numbers, insurance data, and copies of billing reports. Samaritan Center believes that the email accounts of therapists, QuickBooks records, the Valant EHR platform, and archived information from its Medisoft client database are not at risk.
Samaritan Center stated there were several break-ins that happened at the Ravenna Blvd facility in the last 12 months. The provider has taken steps all through the year to enhance security such as more new locks, security alarm coverage, and video cameras. Additional physical and electronic safety measures are being used, such as affixing the server to the facility so that physical access to the server is not possible in case of a break-in. Samaritan Center is additionally looking into better encryption of network information.
Samaritan Center already reported the breach to the HHS’ Office for Civil Rights indicating 20,866 people were affected.