Hacking Incident at Country Doctor Community Clinic, WA
On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health information of 38,751 patients.
On October 6, 2022, strange activity was noticed in its computer systems. The clinic took prompt action to protect its IT programs and avert more unauthorized access. Independent cybersecurity professionals were involved to check the incident and find out the nature and extent of the breach. An audit was done to find out the types of data that were affected, then, current contact details were acquired for impacted persons. That process ended on October 14, 2022.
Country Doctor Community Clinic mentioned names, birth dates, Social Security numbers, addresses, and other PHI were possibly exposed. Credit monitoring and identity theft protection services are being offered to individuals whose Social Security numbers were exposed. Steps have also been taken to improve security to prevent similar breaches in the future.
Hacking Incident Reported by Riverside Medical Group, NJ
Adult medical practice Riverside Medical Group provides care to patients in Northern New Jersey. It recently found out that threat actors obtained access to a legacy server at its clinic located in West Orange. It’s probable that the hackers viewed or acquired files that contain patient information. The breached server belonged to a service provider who made use of it to save immunization data. No other servers were impacted.
Riverside Medical Group stated the breach was noticed on August 3, 2022. The analysis of files stored on the server showed that they comprised the PHI of 12,499 individuals, such as name, address, email address, birth date, gender, telephone number, immunization information, dates of immunizations, hospital data, health plan data, and in certain cases, Social Security number. Riverside Medical Group mentioned it doesn’t know about any actual or attempted improper use of patient details.
Improper PHI Disposal at The Valley Hospital, NJ
The Valley Hospital located in Ridgewood, NJ, just reported improper disposal of the records of persons who went to an outpatient COVID-19 testing facility. Unauthorized individuals potentially accessed or acquired the records.
Valley Hospital knew about the improper disposal incident on August 29, 2022. The hospital stated in its substitute breach notice that post-COVID-19 testing information had been discarded in a recycling bin at the testing center, instead of sending it for shredding. The documents contained the names of the companies giving COVID-19 tests as well as labels that had patient names, location codes, medical record numbers, and service dates.
The hospital tried to retrieve the paperwork yet could not get them back. The breach impacted individuals who got COVID-19 tests at the facility from June 1 to September 1, 2022. Valley Hospital already sent notifications to the impacted persons. The number of patients that were affected by the breach is still uncertain.
