The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lifeline Systems Company Notifies Patients About August 2022 Cyberattack

Posted By on Sep 8, 2023

Lifeline Systems Company, a Marlborough, MA-based provider of patient alarm systems has recently notified 74,849 individuals about a data breach that occurred more than a year ago. According to the notification letters, unusual network activity was detected on August 6, 2022. Incident response protocols were immediately initiated, and a third-party computer forensic investigation was launched to investigate the nature of the incident.

The investigation confirmed that an unauthorized individual had access to its systems from July 27, 2022, to August 6, 2022, and accessed certain documents on its systems during that period. On August 18, 2022, Lifeline determined the documents included information for subscribers, employees, and individuals eligible to receive Lifeline services. The exposed information included names, driver’s license numbers, and Social Security numbers.

Due to the length of time taken to perform the document review, notification letters could not be sent until September 7, 2023. Complimentary credit monitoring services have been offered to individuals who had their Social Security number or driver’s license number exposed. Lifeline said it has enhanced its network monitoring capabilities and will continue to conduct audits of its systems to look for unauthorized activity.

Milan Eye Center Reports Breach at EHR Vendor

Milan Eye Center, an Atlanta, GA-based network of eye surgery centers, has started notifying 67,336 patients that some of their protected health information was compromised in an incident at its third-party vendor, iMedicWare Inc.  Milan Eye Center said it was informed about a data compromise incident on December 9, 202, and launched an investigation which concluded on July 24, 2023, that an unauthorized individual was able to access at least some historical patient archives maintained by iMedicWare between May 18, 2020, and July 23, 2020.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The records included information such as names, birth dates, telephone numbers, insurance coverage information, Social Security numbers, service locations, dates of service, and health statuses. It was not possible to determine exactly which patient records were accessed, so notification letters were sent to all individuals who received services on or before July 23, 2020. Complimentary credit monitoring services have been offered to the affected individuals.

Milan Eye Center confirmed it no longer uses iMedicWare as its electronic health record vendor and said additional technical safeguards and policies have been implemented to enhance information system security.

NOW Health Group Suffers Phishing Attack

Bloomingdale, IL-based NOW Health Group, Inc. has recently determined that the protected health information of 4,661 individuals was compromised in a phishing attack. The attack was detected on or around March 17, 2023, when suspicious activity was identified in its email environment. The forensic investigation determined that unauthorized individuals gained access to certain employee email accounts between March 17 and March 20. A review of the emails and documents in the accounts was completed on July 6, 2023. The information potentially compromised included names and Social Security numbers.

Additional safeguards have been implemented to improve email security and further training has been provided to employees to help them identify phishing attempts. Complimentary credit monitoring services have been offered to the affected individuals.

Mountain View Family Practice Reports June 2023 Cyberattack

Mountain View Family Practice in Baldwinville, MA, has alerted 5,139 about a June 11, 2023, cyberattack on its systems. The forensic investigation determined that an unauthorized individual had access to its systems between June 10 and June 11, 2023, and viewed and potentially obtained certain data stored on its systems, including names and Social Security numbers. Notifications were sent to the affected individuals on August 31, 2023, and credit monitoring and identity theft protection services have been offered.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist