Ransomware Attack Announced by Codman Square Health Center
Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients.
The incident was detected on November 28, 2022, and third-party digital forensics experts were engaged to investigate the security breach and determine the nature and scope of the attack. The investigation confirmed that unauthorized individuals gained access to parts of its network between November 23 and November 28, and during which time they may have viewed or acquired files containing patient data.
Codman Square Health Center said it was confirmed on January 25, 2023, that a folder on the compromised part of its network contained patient data, although it was not possible to tell if that folder was accessed. The files in that folder included names, addresses, birth dates, medical record numbers, diagnoses, treatment information, and claims information.
Notifications are being sent to affected individuals and steps have been taken to improve privacy and security and prevent further incidents of this nature.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Email Exposure Reported by Community Health Centers of Greater Dayton
Community Health Centers of Greater Dayton in Ohio has recently announced that the protected health information of 516 patients has been exposed as a result of an email error. On February 2, 2023, a business associate was sent an email that included a list of patients’ dental appointments. The business associate was authorized to receive that information; however, the email was not encrypted and therefore could have been intercepted.
The list included patient names, dates of birth, medical record numbers, appointment dates/times, and a brief description of why the appointment was booked. The risk of misuse of the data is believed to be low, but notification letters have been sent alerting patients about the HIPAA breach. Additional safeguards have been implemented and the staff has been retrained on how to send emails securely.