SundaySky Cyberattack Impacts 37,000 Health Plan Members
SundaySky, a New York-based provider of software solutions to businesses for creating marketing videos, has recently announced that unauthorized individuals gained access to servers in its cloud environment and may have obtained customer data. Unauthorized access was detected on January 8, 2023, and the forensic investigation confirmed that files were exfiltrated between January 6 and January 8, 2023. Those files contained customer-provided health plan information from December 2018 to January 2019.
SundaySky worked with the health plan provider to determine the compromised information, and the review was completed on February 20, 2023. Notifications have now been sent to the 37,095 affected individuals. The types of data compromised included first names, personal email addresses, Healthcare Savings Account (HSA) effective date and deductible, and information related to copay. SundaySky said additional technical safeguards have now been implemented for its cloud environment to prevent similar breaches in the future.
Postal Prescription Service Impermissibly Disclosed Patient Names to Kroger
Healthy Options Inc., which does business as Postal Prescription Service (PPS), has announced an impermissible disclosure of limited patient information to its affiliated grocery business. On January 10, 2023, PPS discovered that the names and email addresses of 82,466 patients had been shared with the Kroger Co. and were used to create grocery accounts for those individuals. The affected individuals had created an online PPS account between July 2014 and January 13, 2023.
PPS said the impermissible disclosure was due to an internal error and its website has since been updated to address the problem. Affected individuals have been notified by mail.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Texas Medical Liability Trust Alerts Policyholders About PHI Breach
Texas Medical Liability Trust has recently notified 625 medical insurance policyholders that some of their personally identifiable information has been exposed. Suspicious network activity was detected on or around October 12, 2022, and the investigation confirmed that unauthorized individuals had access to parts of its network between October 2, 2022, and October 13, 2022.
The review of the affected files was completed on December 12, 2022, and affected individuals were notified on January 13, 2023, by Texas Medical Liability Trust on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance, Inc., a Risk Retention Group.
The exposed information included names, Social Security numbers, driver’s license numbers, and financial account information. Texas Medical Liability Trust said additional safeguards have been implemented and employees have received further training. Affected individuals have been offered complimentary credit monitoring services for 12 months.
