The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by University Pediatric Dentistry, OrthoNebraska, Michigan Avenue Immediate Care

Posted By on Jul 5, 2022

University Pediatric Dentistry in Buffalo, NY, has started notifying 6,843 patients that some of their protected health information has been exposed in an email security incident.

The email system was immediately secured when the breach was detected with the forensic investigation confirming that two email accounts had been accessed by an unauthorized third party between January 12, 2022, and January 19, 2022. University Pediatric Dentistry said it learned on April 25, 2022, that emails and attachments in the compromised accounts contained patient data, and information had potentially been viewed or obtained.

The compromised information included patient names, contact information, dates of birth, Social Security numbers, driver’s license numbers, government identification numbers, treatment and diagnosis information, provider names, medical record numbers, patient account numbers, prescription information, dates of service and/or health insurance information. A limited number of patients also had financial account information exposed.

Individuals who had their Social Security numbers or driver’s license numbers exposed have been offered complimentary credit monitoring and identity theft protection services. University Pediatric Dentistry said technical security measures will be implemented to further protect and monitor its email system.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Cyberattack Reported by Michigan Avenue Immediate Care

Michigan Avenue Immediate Care (MAIC) in Chicago, IL, has recently reported a hacking incident that saw an unauthorized third-party gain access to its computer network and exfiltrate files containing sensitive patient data. The cyberattack was detected on May 1, 2022, and on May 12, 2022, MAIC confirmed that the files exfiltrated from its systems included some patient information.

The types of data in the files varied from individual to individual and may have included names, addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license numbers, treatment information, and/or health insurance information. Affected individuals have been notified by mail and have been offered a complimentary one-year membership of the Experian IdentityWorks Credit 3B service.

The incident has been reported to the HHS’ Office for Civil Rights as affecting 144,104 individuals.

OrthoNebraska Email Account Compromised

OrthoNebraska, an Omaha, NE-based orthopedic clinic, has recently announced that the email account of an employee has been accessed by an unauthorized individual. The breach occurred in early December 2021 and was detected when the account was used to send spam emails. A review of the affected email account confirmed the protected health information of certain patients was present in emails and attachments, and that information may have been viewed or obtained.

The exposed information included names, demographic information, driver’s license numbers, state ID numbers, usernames/passwords, Social Security numbers, medical histories, and health insurance and claims information. Affected individuals have been notified by mail and credit monitoring and identity theft protection services have been offered. To date, no reports have been received that indicate any actual or attempted misuse of patient data. OrthoNebraska said it has provided further information security training to the workforce and additional safeguards have been implemented to improve email security.

The HHS’ Office for Civil Rights breach portal shows 1,369 individuals have been affected.

Jack Hughston Memorial Hospital Investigating Cyberattack

Jack Hughston Memorial Hospital in Phoenix City, AL has recently confirmed that hackers have gained access to its network. The cyberattack forced the hospital to take its computer systems offline, which has prevented access to electronic medical records. The hospital has continued to provide care to patients under emergency downtime procedures and a third-party computer forensics firm has been engaged to assist with the investigation. At this stage of the investigation, it is unclear if, and to what extent, patient information has been compromised.

Several More Eye Care Practices Impacted by Eye Care Leaders Data Breach

The number of eye care providers affected by the data breach at Eye Care Leaders has continued to grow, with Mattax Neu Prater Eye Center in Missouri, Aloha Laser Vision in Hawaii, and Sight Partners Physicians in Washington among the latest known to be affected. At least 33 eye care providers have confirmed they have been affected by the cyberattack and the records of more than 2.9 million individuals have potentially been compromised.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist