Alabama Healthcare Provider Announces 441,000-Record Data Breach
The Birmingham, AL, Heart Hospital, Cardiovascular Associates, has recently announced that unauthorized individuals gained access to certain parts of its network between November 28, 2022, and December 5, 2022, and removed files containing patient information. The breach was detected on December 5, 2022, and immediate action was taken to contain the breach and prevent further unauthorized access. A leading digital forensics firm was engaged to investigate the breach and confirmed data theft had occurred.
The review of the affected files revealed they contained the following types of information: Full names, birth dates, addresses, Social Security numbers, health insurance information, medical record numbers, dates of service, provider/facility names, visit/procedure/diagnosis information, medical tests results and images, billing and claims information, passport numbers, driver’s license numbers, credit/ debit card information, and financial account information. The types of data compromised varied from patient to patient and the usernames and passwords of a limited number of patients were also compromised.
Cardiovascular Associates has strengthened system security to prevent similar breaches in the future and its security and monitoring capabilities have been enhanced. Individuals whose Social Security number, credit card/debit card information, financial account information, passport or driver’s license number was compromised have been offered free credit monitoring and identity restoration services.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal but has been reported to the Maine Attorney General as affecting 441,640 individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Great Neck/Mid Island Dental Reports Third-Party Data Breach
Richard T. Miller, DMD, PC, doing business as Great Neck/Mid Island Dental, has recently announced via his legal counsel that the protected health information of 22,933 individuals may have been accessed by unauthorized individuals. The data breach occurred at a law firm that helped Great Neck Dental acquire the assets of another dental practice in 2015. Cooperman Lester Miller Carus LLP (CLMC), assisted the seller with the acquisition and was provided with information as part of the business transaction, which included patient information. Great Neck Dental was notified on October 7, 2022, that an unauthorized individual had gained access to the email account of a CLMC partner between March 27, 2022, and June 1, 2022. The email account contained patient names, dates of birth, Social Security numbers, and dental insurance information.
Richard T. Miller said Great Neck/Mid Island Dental systems were unaffected and no reports of data misuse have been detected; however, as a precaution, affected individuals have been offered complimentary identity protection services.
Multnomah County Health Department Says Records of 2,000 Clients Potentially Accessed in Break-in
The Multnomah County Health Department in Oregon has confirmed that the personal information of approximately 2,000 individuals has potentially been accessed in a break-in at the Multnomah County Health Department headquarters. The break-in occurred over the weekend of February 17/18, 2023, and was discovered on February 21 due to the President’s Day holiday.
A county laptop computer and a new client cell phone were stolen and the perpetrator also entered an area where paper records were stored that contained client information. The suspected perpetrator was arrested last week by law enforcement. All affected clients and employees have been notified by mail if they were affected.
