Patient Data Compromised Due to Data Breaches in 3 HIPAA-Covered Entities

Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider.

Eye Care Leaders stated it discovered a data breach on Dec. 4, 2021, and deactivated the affected networks in 24 hours. Texas Tech University Health Sciences Center stated it got the complete details of the forensic inquiry on April 19, 2022. The compromised data contained these data elements: name, telephone numbers, home address, email address, sexuality, birth date, driver’s license number, health insurance data, medical record number, appointment details, social security number, and medical data linked to ophthalmology services. There is no evidence of data extraction identified.

During the last couple of weeks, the number of eye care providers found to have been impacted by the Eye Care Leaders data breach continues to grow. A minimum of 23 eye care companies have reported they were affected and the PHI of over 2 million individuals is identified to have been compromised.

1.24 Million Baptist Health Patients’ PHI Likely Compromised in a Cyberattack

Not too long ago, Baptist Health commenced informing patients concerning a cyberattack that was uncovered on April 20, 2022, that involved malicious code configured on its system. As per the report, an unauthorized person acquired access to selected Baptist Health systems from March 31 to April 24, 2022. In that span of access, a number of files had been taken out from its systems.

As soon as the breach was found out, user access was discontinued, the impacted systems were shut down to avoid continuing unauthorized access, and cybersecurity practices were executed. The sections of the system that were viewed included the data of patients of Baptist Medical Center located in San Antonio and Resolute Health Hospital based in New Braunfels in Texas, and contained names, birth dates, addresses, medical insurance data, health record numbers, service dates, names of company and facility, main complaint/reason for a visit, consultation procedures and diagnosis details, Social Security numbers, and invoicing and claims details.

Baptist Health claimed it is strengthening its security and monitoring features to minimize the possibility of more data breaches. Patients have recently been informed and people whose Social Security numbers were likely exposed have received free credit monitoring and identity protection services.

Baptist Health has sent the breach report to the HHS’ Office for Civil Rights indicating that 1,243,031 persons were impacted.

Medical Record Compromise Announced by Santa Barbara County Department of Behavioral Wellness

Santa Barbara County Department of Behavioral Wellness located in California has just announced that an employee obtained access to the medical records of patients with no permission. The department discovered the unauthorized access on March 30, 2022, when it used a new security program for discovering unauthorized medical record access, which instantly marked out the data breach.

The health record system access of that staff member was blocked right away pending an investigation. The employee involved faced suitable disciplinary actions. The information accessed by the staff member involved names, phone numbers, addresses, email addresses, Social Security numbers, insurance data, medical data, and medical record numbers. There is no proof discovered that shows that any patient details were printed, sent externally, or written down. The department mentioned it is going to perform more security audits down the road and will be improving client outreach processes to avert any recurrences.

The department had mailed notification letters to all affected persons. The breach isn’t yet posted on the HHS’ Office for Civil Rights web portal, thus it is not clear how many individuals were impacted.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.