Lifeline Systems Company Notifies Patients About August 2022 Cyberattack
Lifeline Systems Company, a Marlborough, MA-based provider of patient alarm systems has recently notified 74,849 individuals about a data breach that occurred more than a year ago. According to the notification letters, unusual network activity was detected on August 6, 2022. Incident response protocols were immediately initiated, and a third-party computer forensic investigation was launched to investigate the nature of the incident.
The investigation confirmed that an unauthorized individual had access to its systems from July 27, 2022, to August 6, 2022, and accessed certain documents on its systems during that period. On August 18, 2022, Lifeline determined the documents included information for subscribers, employees, and individuals eligible to receive Lifeline services. The exposed information included names, driver’s license numbers, and Social Security numbers.
Due to the length of time taken to perform the document review, notification letters could not be sent until September 7, 2023. Complimentary credit monitoring services have been offered to individuals who had their Social Security number or driver’s license number exposed. Lifeline said it has enhanced its network monitoring capabilities and will continue to conduct audits of its systems to look for unauthorized activity.
Milan Eye Center Reports Breach at EHR Vendor
Milan Eye Center, an Atlanta, GA-based network of eye surgery centers, has started notifying 67,336 patients that some of their protected health information was compromised in an incident at its third-party vendor, iMedicWare Inc. Milan Eye Center said it was informed about a data compromise incident on December 9, 202, and launched an investigation which concluded on July 24, 2023, that an unauthorized individual was able to access at least some historical patient archives maintained by iMedicWare between May 18, 2020, and July 23, 2020.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The records included information such as names, birth dates, telephone numbers, insurance coverage information, Social Security numbers, service locations, dates of service, and health statuses. It was not possible to determine exactly which patient records were accessed, so notification letters were sent to all individuals who received services on or before July 23, 2020. Complimentary credit monitoring services have been offered to the affected individuals.
Milan Eye Center confirmed it no longer uses iMedicWare as its electronic health record vendor and said additional technical safeguards and policies have been implemented to enhance information system security.
NOW Health Group Suffers Phishing Attack
Bloomingdale, IL-based NOW Health Group, Inc. has recently determined that the protected health information of 4,661 individuals was compromised in a phishing attack. The attack was detected on or around March 17, 2023, when suspicious activity was identified in its email environment. The forensic investigation determined that unauthorized individuals gained access to certain employee email accounts between March 17 and March 20. A review of the emails and documents in the accounts was completed on July 6, 2023. The information potentially compromised included names and Social Security numbers.
Additional safeguards have been implemented to improve email security and further training has been provided to employees to help them identify phishing attempts. Complimentary credit monitoring services have been offered to the affected individuals.
Mountain View Family Practice Reports June 2023 Cyberattack
Mountain View Family Practice in Baldwinville, MA, has alerted 5,139 about a June 11, 2023, cyberattack on its systems. The forensic investigation determined that an unauthorized individual had access to its systems between June 10 and June 11, 2023, and viewed and potentially obtained certain data stored on its systems, including names and Social Security numbers. Notifications were sent to the affected individuals on August 31, 2023, and credit monitoring and identity theft protection services have been offered.