PHI of 10,000 Persons Compromised Caused by Houston Health Department Portal Glitch

The Houston Health Department has recently reported the compromise of personal data and COVID-19 test results of 10,291 people on the internet because of a technical problem with its webpage. The issue made it possible for roughly 3,500 website users to gain access to the data of other persons.

The Houston Health Department mentioned it discovered the problem on January 6, 2022, and the website was disabled in 48 hours. Notification letters were late for a number of weeks as the portal concern was explored to know the full nature and extent of the incident. The health department stated that this wasn’t a hacking incident, and it appears that no compromised information was misused.

The types of records that might have been accessed included names, email addresses, addresses, birth dates, testing dates, and test data. Though no Social Security numbers were exposed, impacted people were given a free membership to an identity theft protection service for 12 months.

Priority Health Reports Compromise of Member Website Accounts

The Michigan health insurance company Priority Health has lately announced a breach involving a few member website accounts. As per a new breach notice, the security incident was noticed on December 16, 2021. Fast action was undertaken to stop even more unauthorized access, such as putting control on all member accounts between December 16 and December 21, as the breach was reviewed and the portal was made secure.

Priority Health mentioned data in the exposed accounts contained names, telephone numbers,
dates of birth, addresses, insurance data, claims details, and some medical details. Priority Health has been called in third-party security experts to strengthen security and avert other breaches. Multifactor authentication was likewise implemented on the website on January 18, 2022.

It is not clear at this time how many persons were affected.

Hofmann Arthritis Institute in Nevada and Hofmann Arthritis Institute of Utah

Hofmann Arthritis Institute in Utah and Hofmann Arthritis Institute of Nevada (HAI) have lately reported that they experienced a cyberattack on Alta Medical Management and ECL Group (AMM), a vendor which delivers billing and accounting services.

The attack took place on or approximately November 15, 2021, and stopped HAI from being able to access selected information on AMM systems. The investigation affirmed the attack was restricted to AMM systems and HAI systems were not affected. HAI reported AMM didn’t present any particulars on the nature of the attack, nevertheless, HAI had identified on December 7, 2021, that the deterrence of access to AMM systems was because of a cyberattack. HAI stated that the investigation into the attack is in progress, nonetheless, thus far it was impossible to say if any patient data was stolen during the attack.

A detailed assessment of all files offered to AMM was done to find out the types of patient information that might have been breached. The evaluation was concluded on January 27, 2022, and established these types of data were included in the files: names, addresses, birth dates, driver’s license numbers, Social Security numbers, financial data, health data, medical insurance data, and billing details. HAI mentioned it is uninformed of any attempted or actual improper use of patient information.

HAI stated it is looking at its security guidelines and procedures relevant to vendors and will employ supplemental measures to secure against more security breaches.

The breach report sent to the HHS’ Office for Civil Rights showed that 5,338 people were impacted.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.