The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Aesto Health and Motion Picture Industry Health Plan

Posted By on Jun 9, 2022

Aesto Health, a Birmingham, AL-based software company that provides solutions to help healthcare enterprises and medical providers exchange, organize, and protect patient information, has announced it recently experienced a cyberattack that caused disruption to certain internal IT systems.

The security breach was detected on March 8, 2022, and steps were immediately taken to prevent further unauthorized access to its systems. A third-party computer forensics company was engaged to assist with the investigation, which confirmed that an unauthorized individual had access to the affected systems from December 25, 2021, to March 8, 2022.

During that time frame, certain files were exfiltrated from a backup storage device, which include radiology reports from Osceola Medical Center (OMC) in Wisconsin. A review of the affected files confirmed they contained patients’ protected health information, including names, dates of birth, physician names, and report findings related to radiology imaging at OMC. No Social Security numbers or financial information were viewed or stolen, and OMC systems and electronic medical records were unaffected. Aesto Health said additional safeguards and technical security measures have been implemented to further protect and monitor its systems.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 17,400 patients.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Motion Picture Industry Health Plan Informs Members of Unauthorized PHI Disclosure

The Motion Picture Industry Health Plan (MPIHP) has announced that the protected health information of 16,838 plan members has been impermissibly disclosed in a mis-mailing incident. On March 31, 2022, MPIHP discovered an error with a mailing that saw information about plan members sent to incorrect mailing addresses. In each case, a letter intended for one MPIHP member was sent to an incorrect MPIHP member.

No medical information or health claims information was included in the letters, only name, address, hours worked, the last four digits of the individual’s Social Security number, and recent dates of eligibility. Notification letters have now been sent to all affected individuals to the last address provided by those participants. Affected individuals have been offered complimentary identity monitoring services for one year. MPIHP said the exact source of the error has been identified and steps have been taken to prevent any repeat mis-mailing incidents.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist