Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare
The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server.
Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ Association (EMRA), and the Emergency Medicine Foundation (EMF). The breach impacted data linked to those institutions. People who bought from or contributed to SEMPA EMF, or EMRA were affected by the breach.
ACEP discovered strange activity in its systems on September 7, 2020. The breached server contained the login information for its SQL database servers, which also stored members’ records. Even though there is no evidence that indicates the usage of the credentials to gain access to the databases, it isn’t possible to exclude unauthorized access. The data covering April 8, 2020 to September 21, 2020 were exposed.
There was different compromised information from one individual to another. Aside from names, sensitive information including Social Security numbers and financial data were exposed.
The affected server has been restored, passwords modified, and added technical safety measures have already been put in place. ACEP offered one year of credit monitoring services to impacted people.
Epilepsy Florida Affected by Blackbaud Data Breach
Epilepsy Florida has lately affirmed that it was affected by the Blackbaud Inc. data breach. The breach took place in May 2020 and the healthcare provider mailed notifications to impacted clients in July 2020.
In a substitute breach notice posted on March 30, 2021, Epilepsy Florida stated that it started investigating the breach to find out what data were compromised and, after requiring additional data from Blackbaud, it was mentioned that the breach merely affected the full names of 1,832 persons. No other details seem to be exposed.
VEP Healthcare Reports Unauthorized Access to Multiple Email Accounts
VEP Healthcare based in Portland, OR learned that unauthorized individuals accessed a number of employee email accounts after employees clicked phishing emails and exposed their account credentials. The provider found out about the email security incident on March 11, 2021. The investigators of the breach stated that the affected email accounts were accessed between November 15, 2019 and January 20, 2020. It remains not clear specifically what information the compromised accounts included.
Though the hackers viewed the email accounts, there’s no proof that suggests the access or stealing of any PHI. Nevertheless, as a security precaution, VEP Healthcare provided the impacted people a no-cost one-year membership to the IDX identify theft protection service including a $1 million identity theft insurance protection.
Since the incident, VEP healthcare has enhanced email security, applied 2-factor authentication on email accounts, has changed its guidelines and procedures, and given extra security awareness training to the employees.