Azura Vascular Care Reports Data Breach Affecting 348,000 Patients
Azura Vascular Care, a Pennsylvania-based operator of 70 outpatient vascular centers and ambulatory surgery centers in 25 states and Puerto Rico, notified the HHS’ Office for Civil Rights last month about a cybersecurity incident involving the protected health information of 348,000 patients.
The incident was detected on November 9, 2023. Cybersecurity experts were engaged to assist with the investigation, which confirmed that unauthorized individuals accessed certain systems on or before September 27, 2023, and encrypted certain files. On November 15, 2023, it was confirmed that some of the files that were available to the hackers contained patient data such as names, mailing addresses, dates of birth, and other demographic and contact information, including emergency contact information, Social Security numbers, insurance information, diagnosis and treatment information, and other information from medical or billing records.
Some guarantor information was also exposed, including names, mailing addresses, telephone numbers, dates of birth, Social Security Numbers, and email addresses. Azura Vascular Care said individuals who had sensitive information exposed such as Social Security numbers have been offered complimentary identity protection, credit monitoring, and fraud resolution services.
Covenant Care California Assessing Scope of Cyberattack
Covenant Care California, LLC, which operates skilled nursing facilities and home health agencies throughout California and Nevada, has confirmed there has been unauthorized access to files containing the personal and protected health information of patients and other individuals. The cyberattack was detected on November 14, 2023, and while the investigation is ongoing, it has been determined that files were removed from its network between November 12 and November 14.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The incident has affected current and former patients, prospective patient referrals, and responsible parties of patients who received services from a facility or agency operated by Covenant Care, including rehabilitation services provided through a company called AFFIRMA and home health services provided under the names Focus Health, Elevate Home Health, Choice Home Health Care, and San Diego Home Health.
The list of affected individuals has yet to be finalized, but Covenant Care California has confirmed that the incident involved the following information: name, date of birth, medical information, and/or health insurance information, including diagnosis or treatment information and/or claims and billing information. For some individuals, the information may include also Social Security number, financial account or credit/debit card numbers, driver’s license or state/federal identification number, and/or other personal information.
The breach has been reported to the HHS’ Office for Civil Rights with an interim total of 501 individuals, which will be updated when the investigation concludes. Affected individuals are being offered credit monitoring and identity theft restoration services at no cost.
Cooper Aerobics Announces 124K-Record Data Breach
Cooper Aerobics, on behalf of Cooper Clinic, Cooper Medical Imaging, and Cooper Aerobics Enterprises in Texas, has notified 124,341 individuals that some of their protected health information was exposed in a cyberattack in early 2023. It is not clear from the notification letters when the intrusion occurred. After a comprehensive investigation and file review, Cooper Aerobics learned on December 8, 2023, that files containing the personal and protected health information of patients were potentially removed from its network on February 3, 2023.
Patients have been notified that the following information was potentially involved: name, address, phone number, email address, date of birth, credit or debit card number (including expiration date, and financial account and routing number), tax identification number, driver’s license or government identification, passport number, username and password, Social Security number, and health information (including medical record/patient account number, prescription information, medical provider, and medical procedures), and health insurance information.
Cooper Aerobics started notifying the affected individuals on January 5, 2024 and said it continually evaluates and modifies its practices and internal controls to protect against unauthorized access and will continue to do so.
6,000 Individuals Impacted by Ransomware Attack on Colorado Ophthalmology Associates
Colorado Ophthalmology Associates (COA) has recently disclosed a ransomware attack that was discovered on November 14, 2023. Data exfiltration is common in ransomware attacks, but no evidence of data theft was identified during the forensic investigation. COA said that the attack involved automated encryption and resulted in the loss of electronic medical record files for patient visits or exams conducted between April 10, 2023, and November 14, 2023.
The forensic investigation confirmed that the intrusion began as early as October 4, 2023, and ended on November 14, 2023. The types of information exposed in the attack were limited to names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, insurance information, dates of service, types of services, diagnoses, conditions, prescriptions, test results, medications, and other treatment information. The incident has been reported to the HHS’ Office for Civil Rights as affecting up to 6,020 individuals.
