The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

St. Luke’s Health Reports Third Party Data Breach

Posted By on Nov 7, 2022

St. Luke’s Health has recently notified 16,906 patients that some of their protected health information has been exposed in a security incident at a vendor that provides consulting services. On November 5, 2021, the email accounts of two employees of Adelanto Healthcare Ventures (AHCV) were accessed by an unauthorized individual.

An investigation was launched into the incident, which initially determined no patient information had been exposed; however, a subsequent review determined the information of certain St. Luke’s Health patients was present in the email accounts and could potentially have been accessed or acquired by the attackers. The exposed information included names, addresses, dates of birth, Social Security numbers, dates of service, medical record numbers, Medicaid numbers, and some limited clinical information, such as treatment and diagnosis codes. St. Luke’s Health was notified about the breach on September 1, 2022

St. Luke’s Health explained in its breach notification letters that no reports have been received that suggest there has been any misuse of patient data; however, as a precaution, AHCV is offering affected individuals complimentary identity theft and credit monitoring services.

St. Luke’s Health is currently recovering from a ransomware attack on its parent company, CommonSpirit Health, that occurred more than a month ago. CommonSpirit Health is still facing disruption to business operations as a result of the attack but has now restored the MyChart patient portal and providers can now access their patients’ electronic medical records.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Tift Regional Health System Investigating Cyberattack and Data Breach

Tift Regional Health System (TRHS) in Tifton, GA, has recently announced that its systems have been compromised and that the attackers potentially accessed and obtained the protected health information of some of its patients. The unauthorized system access occurred on or around August 16, 2022. Prompt action was taken to secure its systems and an investigation was launched to determine the nature and scope of the attack.

TRHS said files on its systems were not encrypted, and its electronic medical record system was not accessed; however, the forensic investigation was unable to rule out unauthorized access and theft of files that contained patient information. The files on the compromised part of the network contained Social Security numbers, patient identification numbers, driver’s license numbers, medical information, treatment information, diagnosis information, health insurance information, and dates of birth.

TRHS said it is reviewing its existing policies and procedures regarding cybersecurity and additional safeguards are being evaluated to protect against this type of incident in the future. The breach has been reported to the HHS’ Office for Civil Rights as affecting 500 individuals. That number is often used as a placeholder until the full extent of the breach is known.

Wenco Management Reports Breach of Health and Welfare Benefit Plan Member Data

The protected health information of 20,526 employees of Wenco Management, LLC, has been exposed and potentially obtained by unauthorized individuals. Wenco Management operates the Wendy’s fast-food chain. Affected employees were members of its Health and Welfare Benefit Plan.

Wenco Management identified the breach on August 21, 2022. After its systems were secured, a forensic investigation was launched to determine the nature and scope of the breach, which confirmed an unauthorized individual had accessed its network and potentially viewed and obtained employee records that included names, Social Security numbers, and plan selection information. The breach occurred on the same day it was identified and blocked. Affected individuals have been offered complimentary credit monitoring services. Wenco Management said it has taken steps to improve the security of its systems to prevent further data breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist