CentroMed Notifies 350,000 Individuals About PHI Exposure
El Centro Del Barrio, doing business as CentroMed in San Antonio, TX, has alerted 350,000 patients that some of their protected health information was potentially compromised in a hacking incident that was detected on June 12, 2023. The forensic investigation confirmed that some of its IT systems were accessed by unauthorized individuals on June 9, 2023, and access to files containing protected health information was confirmed and data theft could not be ruled out. The affected files contained the information of current and former patients, employees, and employee and provider spouses, partners, and dependents.
The affected patient data included names, addresses, dates of birth, Social Security numbers, financial account information, medical record numbers, health insurance plan member IDs, and claims data (including any diagnoses listed on claims). Employee and spouse/partner/dependent information data included names, Social Security numbers, financial account information, health insurance plan member IDs, and claims data. The affected individuals started to be notified by mail on August 11, 2023. CentroMed said additional safeguards and technical security measures have been implemented to prevent similar breaches in the future.
MOVEit Transfer Hacking Victims
Several more organizations have confirmed that they had data stolen by the Clop hacking group, which exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution.
Unum Group
Unum Group has confirmed that the protected health information of 531,732 individuals was compromised. Suspicious activity was detected within its environment on June 1, 2023, and it was confirmed on July 22, 2023, that the following data types had been compromised: name, date of birth, address, Social Security number or individual tax identification number, medical, health insurance claim, and policy information. A limited number of individuals also had financial information and/or other government-issued identification numbers compromised. Credit monitoring and identity protection services have been offered.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
UMass Chan Medical School
UMass Chan Medical School said the protected health information of 134,000 individuals was compromised in the attack. The breach was discovered on June 1, 2023, and it determined the individuals and compromised data types on July 27, 2023. The information involved varied from individual to individual and may have included the following data types: name, date of birth, mailing address, diagnosis/treatment information, prescription information, provider name, date(s) of service, claim information, health insurance member ID number, other health insurance-related information, Social Security number, and financial account information. Credit monitoring and identity protection services have been offered.
Sovos Compliance
Sovos Compliance, a provider of tax compliance and business-to-government reporting software, reported its breach to the Maine Attorney General as affecting a total of 215,114 individuals, although its OCR breach report indicates the PHI of 4,563 individuals was compromised in the attack. The breach was discovered on June 12, 2023, and the investigation confirmed personally identifiable information and Social Security numbers had been stolen. Credit monitoring and identity protection services have been offered.
Data Media Associates
Data Media Associates, an Alpharetta, GA-based value-added solutions provider, has confirmed that the data of 74,730 individuals was compromised in a MOVEit Transfer hacking incident. The compromised data included names, addresses, and high-level medical or health insurance information, such as the information that would appear on billing statements, invoices, or other claims-related documents. For a limited number of individuals, health insurance ID numbers were compromised. Notification letters started to be sent to the affected individuals on August 23, 2023. All remediation measures recommended by Progress Software have now been implemented.