The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by Neurology and Fertility Centers in Nevada and California

Posted By on Oct 4, 2022

Neurology Center of Nevada Cyberattack Impacts 11,700 Patients

The Neurology Center of Nevada (NCNV), in Henderson, NV, has confirmed a data security event was detected on July 17, 2022, which rendered certain computer systems inaccessible.  Prompt action was taken to secure its systems and an investigation was launched to determine the nature and scope of the security breach, with assistance provided by third-party cybersecurity experts. The investigation confirmed that the threat actors behind the attack had access to its systems for more than a month between June 12, 2022, and July 17, 2022, and during that time, files on its systems were subjected to unauthorized access.

The compromised files contained full names, addresses, dates of birth, gender, driver’s license numbers, Social Security numbers, health insurance information, and medical information, such as diagnosis/treatment information, lab results, and medications. Affected individuals have been notified by mail and advised to monitor their accounts, credit reports, and explanation of benefits statements for unusual activity. NCNV said additional administrative and technical safeguards have been implemented to protect against future security breaches.

The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 11,700 patients.

Northern California Fertility Medical Center Notifies Patients About Attempted Ransomware Attack

Sacramento, CA-based Northern California Fertility Medical Center (NCFMC) has recently announced that it detected and stopped an attempted ransomware attack on its network. The attack was detected on July 24, 2022, and immediate action was taken to contain the attack, secure its systems, and eject the threat actors from its network. A third-party cybersecurity company was engaged to assist with the investigation and incident response and determine the extent and scope of the breach.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

NCFMC said no evidence was found to indicate there had been any misuse of patient data, but during the time of unauthorized access to its systems, some sensitive data was exposed, including names and the statuses of ultrasounds performed at NCFMC, and/or cryopreserved tissue stored at NCFMC. No Social Security numbers or financial information were stored on the systems accessed in the attack.

NCFMC said it has altered its tools, policies, and procedures relating to the security of its systems and servers. Complimentary credit monitoring and identity theft protection services have been offered to affected individuals through CyberScout. 12,145 individuals have been affected by the incident.

2,000-Record Data Breach Reported by The Coeur Group

Cynthia Paul, M.D., LLC, a psychiatrist doing business as The Coeur Group, in Omaha, NE, has notified 2,020 patients that some of their protected health information has potentially been accessed by an unauthorized individual who gained access to an employee’s email account. The unauthorized access was detected on July 26, 2022, with the investigation confirming the breach occurred between June 7, 2022, and July 12, 2022.

A comprehensive review of the affected email account confirmed it contained patient information such as names, addresses, dates of birth, and other demographic information, health insurance information, and limited clinical information, such as provider names, diagnoses/conditions, and medication information. A limited number of individuals also had their Social Security numbers and credit card information exposed.

In response to the breach, new authentication requirements have been implemented, including multifactor authentication, network procedures have been strengthened, firewalls have been enhanced, and additional alerts have been set up to warn about potential unauthorized access. Affected individuals have been offered a one-year membership to a credit monitoring service.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist