UofL Health and Jawonio Report Email Data Breaches
UofL Health has begun informing 42,465 patients regarding the sending of some of their protected health information (PHI) to the wrong external email address.
The healthcare system in Louisville, KY sent breach notification letters to impacted patients on June 7, 2021 instructing them concerning the compromise of some of their PHI. The owner of the external domain contacted UofL Health the next day and gave technical proof showing that no one had viewed the email messages, which had been deleted once and for all.
A number of patients who had their PHI exposed received offers of free identity theft protection services. Although it has already been established that PHI was not viewed and is not accessible any longer, UofL Health stated that any patient can still sign up for identity theft protection services free of charge.
UofL Health stated in its website notice to patients that it is relieved that its patients’ data was not at risk during this incident. Hopefully, breach information comes sooner. There is no statement by UofL Health in its breach notice regarding the information contained in the email messages.
Jawonio Email Account Breach Impacts 13,313 Patients
Jawonio in the Mid-Hudson Region of New York is a lifespan services provider for people having behavioral health problems, developmental disabilities, and chronic medical ailments. An unauthorized person has accessed Jawonio’s email environment.
The provider detected suspicious activity in its email system on April 20, 2020 and took steps immediately to block further unauthorized access. n investigation was started to find out the nature and extent of the data breach. With the help of third-party cybersecurity specialists, Jawonio discovered on November 24, 2020 that the personal data and PHI of 13,313 people were possibly compromised.
The analysis of the impacted email accounts showed that they included names, birth dates, Social Security numbers, medical record numbers, medical condition details, treatment information, identification numbers issued by the government, medical insurance data, and financial account details.
Although PHI was possibly accessed, there is no evidence found that suggests the misuse of information. People impacted by the data breach were offered free credit monitoring and ID protection services. The delay in sending breach notification letters was because of the long process of determining the present mailing addresses of the impacted people.