JEV Plastic Surgery & Medical Aesthetics and UNC Health Reported Data Breaches

JEV Plastic Surgery & Medical Aesthetics based in Owing Mills, MD has began sending notifications to 1,620 patients concerning the exposure of some of their protected health information (PHI) because of a security breach.

Malware was discovered which granted an unauthorized individual to gain access to systems that held protected health information.

A third-party forensic specialist assisted the investigation and confirmed that the malware was put in on April 30, 2021, and made possible access to its systems up to June 14, 2021. A detailed analysis of files on the affected systems was performed to figure out whether any patient file was seen or obtained. It was affirmed by JEV Plastic Surgery on September 8, 2021 that files on the breached systems included PHI such as names, birth dates, consultation records, surgical operative information, and medical backgrounds. JEV Plastic Surgery states it is not aware of any attempted or actual misuse of personal records.

JEV Plastic Surgery is going over its policies and protocols and will revise them as needed to strengthen data security. New internal training practices have also been used to reduce any risk linked to this event and to better secure against potential security incidents.

The unauthorized access happened in September 2020, however it wasn’t discovered until August 2021. Bryan Health informed all affected persons regarding the breach through mail and stated that the employee is no longer working at Bryan Health

Billing Details of 946 UNC Health Patients Exposed

UNC Health located in Chapel Hill, NC learned that the billing data of 946 patients were possibly accessed by unauthorized persons.

An internal evaluation of billing fields in its electronic health records was done on September 9, 2021. One of the fields in the EHR distinguishes people authorized to access patient billing details, and any person inputted in that field can access patients’ billing data. The persons included in those fields are normally kin of a patient or other people who were allowed to access their billing details.

The assessment discovered 946 patients who had listed someone in the health system cannot confirm was permitted to access billing details. Therefore, it’s possible that data like names, addresses, costs for services, and medical-associated data might have been viewed by unauthorized people.

No financial details, credit card details or Social Security numbers were comproised and it is deemed that the impacted patients aren’t at financial risk. UNC Health mentioned it has reset the field in the EHR, which will stop authorized access of the billing data. Notification letters were mailed to patients together with information for re-starting access to their billing data for named persons.

Guidelines were also adjusted to restrict the number of staff who could update the field and workers who are authorized to access the field were trained once more. Further safety measures were likewise applied to avert the same problems down the road.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.