The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CentroMed Notifies 350,000 Individuals About PHI Exposure

Posted By on Aug 22, 2023

El Centro Del Barrio, doing business as CentroMed in San Antonio, TX, has alerted 350,000 patients that some of their protected health information was potentially compromised in a hacking incident that was detected on June 12, 2023. The forensic investigation confirmed that some of its IT systems were accessed by unauthorized individuals on June 9, 2023, and access to files containing protected health information was confirmed and data theft could not be ruled out. The affected files contained the information of current and former patients, employees, and employee and provider spouses, partners, and dependents.

The affected patient data included names, addresses, dates of birth, Social Security numbers, financial account information, medical record numbers, health insurance plan member IDs, and claims data (including any diagnoses listed on claims). Employee and spouse/partner/dependent information data included names, Social Security numbers, financial account information, health insurance plan member IDs, and claims data. The affected individuals started to be notified by mail on August 11, 2023. CentroMed said additional safeguards and technical security measures have been implemented to prevent similar breaches in the future.

MOVEit Transfer Hacking Victims

Several more organizations have confirmed that they had data stolen by the Clop hacking group, which exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution.

Unum Group

Unum Group has confirmed that the protected health information of 531,732 individuals was compromised. Suspicious activity was detected within its environment on June 1, 2023, and it was confirmed on July 22, 2023, that the following data types had been compromised: name, date of birth, address, Social Security number or individual tax identification number, medical, health insurance claim, and policy information. A limited number of individuals also had financial information and/or other government-issued identification numbers compromised. Credit monitoring and identity protection services have been offered.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

UMass Chan Medical School

UMass Chan Medical School said the protected health information of 134,000 individuals was compromised in the attack. The breach was discovered on June 1, 2023, and it determined the individuals and compromised data types on July 27, 2023. The information involved varied from individual to individual and may have included the following data types: name, date of birth, mailing address, diagnosis/treatment information, prescription information, provider name, date(s) of service, claim information, health insurance member ID number, other health insurance-related information, Social Security number, and financial account information. Credit monitoring and identity protection services have been offered.

Sovos Compliance

Sovos Compliance, a provider of tax compliance and business-to-government reporting software, reported its breach to the Maine Attorney General as affecting a total of 215,114 individuals, although its OCR breach report indicates the PHI of 4,563 individuals was compromised in the attack. The breach was discovered on June 12, 2023, and the investigation confirmed personally identifiable information and Social Security numbers had been stolen. Credit monitoring and identity protection services have been offered.

Data Media Associates

Data Media Associates, an Alpharetta, GA-based value-added solutions provider, has confirmed that the data of 74,730 individuals was compromised in a MOVEit Transfer hacking incident. The compromised data included names, addresses, and high-level medical or health insurance information, such as the information that would appear on billing statements, invoices, or other claims-related documents. For a limited number of individuals, health insurance ID numbers were compromised. Notification letters started to be sent to the affected individuals on August 23, 2023. All remediation measures recommended by Progress Software have now been implemented.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist