Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters.
On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to avert continued access and inspect the incident. The investigation established that an unauthorized person accessed a number of email accounts between July 27, 2020 and July 30, 2020.
A forensic investigation was performed, and the breached accounts were analyzed to find out the data likely obtained by the hacker. The review was done on December 29, 2020.
The types of data found in the accounts differed from person to person and could have contained names plus at least one of these data elements: birth date, financial account data, payment card details, Social Security Number, driver’s license number, medication details, diagnosis information, treatment data, treatment provider, medical insurance details, medical records, Medicaid/Medicare ID number, employer ID number, digital signature, username and password.
It wasn’t possible to identify whether the hacker viewed or downloaded data in the email accounts, however, no report was acquired so far that suggests the misuse of any patient data. Notification letters were fairly recently mailed to impacted persons and no-cost identity theft protection services were given.
79,100 Patients’ PHI Exposed in Gore Medical Management 2017 Breach
Medical practice firm Gore Medical Management based in Griffin, GA has found a historic data breach that involved the protected health information (PHI) of 79,100 people. The breach took place in 2017 and impacted patients of Family Medical Center located in Thomaston, which is currently associated with Upson Regional Medical Center.
Last November 2020, the Federal Bureau of Investigation notified Gore Medical Management that a third-party computer was reclaimed in an investigation that was identified to have the PHI of Family Medical Center patients.
It was established by the breach investigation that an attacker took advantage of a vulnerability to acquire access to the Family Medical Center’s system. The vulnerability had been recognized and resolved a couple of months following the breach, though the breach itself wasn’t noticed at that time. The medical record system was not jeopardized, nevertheless, files that contain names, addresses, birth dates, and Social Security numbers were downloaded. There were no financial details or medical data affected.
There doesn’t seem to be further access to its networks or any other information transfers since 2017. Gore Medical Management has currently informed all affected patients and has provided them a one-year identity theft protection and credit monitoring service membership.