PHI Compromised Because of the University of Florida Health Shands, St. John’s Well Child and Family Center and St. Paul’s PACE Breaches
University of Florida Health Shands has learned that an ex-employee has viewed the health files of 1,562 patients without valid permission.
The HIPAA violations were uncovered on April 7, 2021. The provider promptly ended the worker’s access to medical documents pending an investigation. The investigation established that the worker had been accessing patient health records without authorization between March 30, 2019 and April 6, 2021.
The following types of data may have been viewed: names, telephone numbers, addresses, dates of birth, and laboratory test results, nevertheless no Social Security numbers, financial details, or health insurance information was breached.
University of Florida Health Shands doesn’t believe any PHI was stolen or further exposed; nonetheless, as a safety measure, affected persons were given 12-months of free credit monitoring services.
Cyberattack Affects 29,000 Patients of St. John’s Well Child and Family Center
St. John’s Well Child and Family Center, Inc. based in West Sacramento, CA is informing 29,030 persons regarding a cyberattack on February 3, 2021 that led to the probable exposure of their protected health information.
When the family center found out about the attack, it took action quickly to secure its systems and hired third-party cybersecurity professionals to help with the incident investigation. The investigation proved that the attackers possibly accessed or grabbed PHI for example names, Social Security numbers, and other private or medical details.
Persons who had their Social Security number possibly exposed were given free credit monitoring and identity theft protection services for one year.
Third-Party Breach Impacts Patients of St. Paul’s PACE
Community Eldercare of San Diego, also known as St. Paul’s PACE, was impacted by a breach that happened at a provider. Health plan management firm, PeakTPA, offers billing and other management services to St. Paul’s PACE. PeakTPA encountered a cyberattack on December 31, 2020 that lead to the compromise of the information of a number of St. Paul’s PACE patients.
Though the cybercriminal group responsible for the attack wasn’t mentioned in its breach notification, PeakTPA mentioned the FBI broke up the gang on January 27, 2021 and that all stolen records in the attack were restored. The timing implies the Netwalker ransomware gang may have carried out the attack.
PeakTPA reported that the attackers might have obtained data like names, addresses, birth dates, medication data, and Social Security numbers. Impacted people got offers for 3-years complimentary credit monitoring, fraud consultation, and identity theft restoration services via Kroll. PeakTPA explained that it has put in place more security options to avoid the same breaches down the road.