Data Breaches at New London Hospital, Child Focus and Orlando Health South Lake Hospital

New London Hospital based in central New Hampshire has identified an unauthorized person who accessed a file on its system in July 2020 and may have gotten the protected health information (PHI) of 34,878 patients. A third-party cybersecurity agency helped investigate the incident and confirmed on February 16, 2021 that the person accessed the file for a little while and might have duplicated it.

The file included patient names, minimal demographic data, and Social Security numbers; nevertheless, no data on diagnosis, treatment, or hospitalization was breached. New London Hospital is not aware of any misuse of data included in the file. The network system that stored the file is no longer utilized by the hospital.

More safety measures have already been applied to avert the same breaches later on. All patients were informed and given free credit monitoring and identity theft protection services.

Malware Infection at Child Focus Impacts 2,700 Records

Child Focus, a nonprofit provider of support to children and their families by means of early learning, behavioral health, and foster care programs in Cincinnati, OH, reported a hacking and malware infection of its systems that might have permitted the hackers to get access to sensitive patient data.

After learning about a possible breach of its main IT systems, third-party cybersecurity experts came in to investigate the breach and find out the nature and extent of the breach. There was no impact on the electronic health record system and application database; nevertheless, Child Focus was notified on January 5, 2021 that probability that the attackers viewed the PHI of 2,716 people, which include names, birth dates, Social Security numbers, medical and treatment-associated data, and state Medicaid numbers.

Child Focus notified the affected people and provided them with free credit monitoring and identity theft protection services. Steps were also undertaken to enhance system security, such as using improved controls for remote program access and innovative endpoint detection and response application on all endpoints and workstations.

Lost Orlando Health South Lake Hospital Logs Books Contain PHI of 1,623 Patients

Orlando Health South Lake Hospital has found out that the logbooks utilized for logging patients’ hospital visits were missing or stolen. The missing logbooks were discovered during the December 24 to December 28, 2020 period. A comprehensive search was carried out, however, the logbooks cannot be found.

Hospital employees employed the logbooks for taking note of obstetrics patients’ information such as names, birth dates, medical record numbers, hospital account numbers, attending doctor, dates of service, primary complaint, and/or internal hospital service codes. The information associated with the 1,673 patients who got care from April 20, 2019 to December 23, 2020.

The logbooks were stored in a private place in the hospital, therefore the hospital doesn’t think the logbooks were taken out of the hospital. Internal guidelines and procedures are being evaluated and will be modified, as needed, to enhance information security. The hospital is also thinking about other more safe techniques of documenting patient information.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.