The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

34K-Record Data Breach Reported by Aesthetic Dermatology Associates

Pennsylvania-based Aesthetic Dermatology Associates has recently confirmed that its network has been accessed by unauthorized individuals who potentially viewed and/or acquired files containing the personal and protected health information of 33,793 current and former patients.

The cyberattack was discovered on August 15, 2022, when suspicious activity was detected within its network. An investigation was launched to determine the nature and scope of the attack, which confirmed that unauthorized individuals had accessed its network, although the nature of the attack and the length of time its network was compromised were not disclosed.

A comprehensive review of all files on the compromised parts of the network was completed on September 3, 2022, and confirmed the breach was limited to names, addresses, dates of birth, diagnosis codes, and health insurance information. Aesthetic Dermatology said a review is being conducted of its policies, procedures, and controls and updates will be made, as appropriate, to improve security. At the time of issuing notifications, no reports had been received to suggest any misuse of patient data.

Records of Almost 6,500 Patients Exposed in Ransomware Attack on Family Medicine Shady Grove

Family Medicine Shady Grove in Rockville, MD, has confirmed that it was the victim of an August 9, 2022, ransomware attack. Unauthorized individuals gained access to an internal server and encrypted files. The healthcare provider confirmed that patient medical records were not affected, as they were stored in a cloud-based system; however, the server did contain explanations of benefits and monthly billing printouts, which contained names, addresses, and dates of birth. No Social Security numbers or credit card information were exposed.

Family Medicine Shady Grove said a computer forensics team was engaged to assist with the investigation and that it was possible to recover and restore the affected files. That process was completed on September 5, 2022. No evidence of data theft was identified during the investigation and there have been no reports that suggest patient data has been misused. Steps have since been taken to improve data security to prevent further attacks in the future. The breach has been reported to the HHS’ Office for Civil Rights as affecting 6,482 patients.

UW Medicine Affected by Ransomware Attack on Mail Service Vendor

UW Medicine in Seattle has confirmed that the protected health information of 3,800 patients was potentially compromised in a ransomware attack on its mail service vendor, Kaye-Smith. The investigation uncovered no evidence to suggest patient information has been misused; however, as a precaution, Kaye-Smith has offered affected individuals complimentary credit monitoring and identity theft protection services.

Kaye-Smith notified UW Medicine about the breach on August 24, 2022, and confirmed that the attackers had access to Patient Account & Support Services statements and letters that were being sent in relation to billing services, which included information such as names, addresses, account numbers, medical record numbers, treatment provider names and descriptions of medical services.

In addition to the 3,800 UW Medicine patients, the breach affected 6,750 patients of Seattle Children’s and 2,857 Geisinger patients, and Kaye-Smith Enterprises self-reported the breach as affecting 2,857 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
