The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

First Choice Community Healthcare Data Breach Affects 101,000 Patients

Posted By on Aug 5, 2022

First Choice Community Healthcare in Albuquerque, NM, has started notifying certain patients that an unauthorized individual gained access to its network and potentially stole patient data. In a substitute breach notification, First Choice explained that unusual activity was detected within its technological environment on March 27, 2022. A third-party cybersecurity firm was engaged to conduct a forensic investigation and determine the nature and scope of the breach. While it was not possible to confirm if any files had been accessed or exfiltrated, the possibility could not be ruled out.

A comprehensive review of the affected files was completed on June 3, 2022, which confirmed that the following information had potentially been compromised: names, Social Security numbers, First Choice patient ID number, diagnosis, and clinical treatment information, medications, dates of service, health insurance information, medical record number, patient account number, date of birth, and provider information. Affected individuals were notified about the breach by mail on August 1, 2022, and have been offered complimentary identity theft protection services through IDX.

The HHS’ Office for Civil Rights website indicates 101,541 individuals have been affected.

Arlington Skin Notifies 17,468 Patients About Electronic Medical Record Data Breach

Dr. Michelle A. Rivera, MD, doing business as Arlington Skin in Virginia, has started notifying 17,468 patients that their protected health information may have been accessed by unauthorized individuals in a security breach at business associate, Virtual Private Network Solutions (VPN Solutions).

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

VPN Solutions managed the electronic medical records of patients of Arlington Skin via the Allscripts practice management solution and electronic medical records platform. The cyberattack was discovered by VPN Solutions on or around October 31, 2021, and the forensic investigation confirmed that the information potentially compromised in the attack included names, addresses, dates of birth, diagnostic and treatment information, health insurance information, and Social Security numbers.

Notification letters started to be sent to affected individuals on July 8, 2022. No evidence of data theft was found but, as a precaution, fraud assistance and remediation services have been provided to affected individuals through CyberScout.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist