Data Breaches at Mobile Anesthesiologists Patients, Haven Behavioral Healthcare and Heart of Texas Community Health Center

Mobile Anesthesiologists fairly recently found out about the exposure of a limited amount of patients’ protected health information (PHI) because of a technical misconfiguration. The problem seemed to have occurred prior to December 14, 2020, and allowed public access of PHI like names, health insurance details, date of service, medical procedure, and dates of birth.

An investigation of the issue concluded on January 28, 2021 and it affirmed the exposure of the PHI of 65,403 persons. Though the PHI could possibly have been accessed by unauthorized people, there is no evidence found that indicates unauthorized data access or PHI misuse. Mobile Anesthesiologists notified the affected persons by mail starting March 10, 2021.

Haven Behavioral Healthcare Announces Breach of Systems That contain Patient Data

Haven Behavioral Healthcare based in Nashville, TN has reported that unauthorized people obtained access to areas of its network that hold the protected health information of patients. The provider discovered the breach on or around September 27, 2020 and launched an investigation immediately. Third-party cybersecurity specialists helped to ascertain the nature and magnitude of the breach.

The investigation established that the attacker viewed its systems between September 24 and September 27, 2020. It was confirmed on January 27, 2021 that the files potentially accessed by the attacker contained patient information. An examination of the files was concluded on March 11, 2021 and Haven Behavioral Healthcare began sending breach notification letters on March 23, 2021.

Although the files were accessible, the investigation can’t confirm if the hacker accessed the files. It is presently uncertain which hospitals and how many patients were affected.

Email Error Causes Unauthorized Disclosure of Heart of Texas Community Health Center Patients’ PHI

Heart of Texas Community Health Center learned about the exposure of the PHI of some patients.

An email that contains patient information was sent to people who are authorized to view the content, but the email got sent to an account that was outside the security of the firewall and may have been intercepted because the email wasn’t encrypted.

The email just enclosed an email address and noted the email account holder was late for a pap smear. The email did not contain any name or other data. The email just connected to female patients who are 21 to 65 years of age and had been to a Heart of Texas Community Health Center site from September to December 2020.

There was no report received that indicate the interception of the email or its access by unauthorized persons.