Kannact & Vincera Institute Fall Victim to Cyberattacks
Kannact Inc., an Albany, OR-based home care service, says it detected unauthorized access to its computer network on March 13, 2023. A third-party cybersecurity firm was engaged to investigate the incident and confirmed that the parts of the network that were accessed contained patients’ protected health information, although, at this stage of the investigation, it is unclear if patient data was viewed or copied from its systems. Kannact has received no reports at the time of providing notice to indicate any misuse of patient data.
The review of the files that could potentially have been accessed revealed they contained a range of information, which varied from individual to individual. Information potentially compromised included names in combination with one or more of the following data elements: date of birth, address, phone number, Social Security Number, driver’s license number, and health information such as medical diagnosis, treatment information, and pharmaceutical records.
Kannact said that it disabled its third-party managed file transfer software, deactivated all related API keys, and is improving its patient data ingestion process. Individuals whose Social Security and driver’s license numbers were impacted have been offered complimentary credit monitoring and identity theft protection services.
The incident was reported to the HHS’ Office for Civil Rights on June 20, 2023, as affecting up to 103,547 individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Vincera Institute Falls Victim to Ransomware Attack
Vincera Institute in Philadelphia, PA, has confirmed that it fell victim to a ransomware attack on April 29, 2023. Immediate action was taken to secure its systems to prevent further unauthorized access to its network and patient information, and cybersecurity professionals were engaged to investigate the incident. In a June 20, 2023, press release, Vincera Institute said the investigation into the data breach is ongoing, but it has been determined that the threat actors behind the attack had access to parts of its network that contained patient information; however, unauthorized access to and misuse of patient data has not been detected.
The files potentially accessed in the attack included full names, addresses, phone numbers, email addresses, Social Security numbers, date of birth, medical histories and treatment records, insurance information, and other information provided by patients. Security safeguards have been enhanced in response to the incident, and monitoring processes have been improved.
The incident was reported to the HHS’ Office for Civil Rights on June 20, 2023, in four breach reports, covering Vincera Imaging LLC (5,000 individuals), Vincera Rehab LLC (5,000 individuals), Vincera Surgery Center (5,000 individuals), and Core Performance Physicians, dba Vincera Core Physicians (10,000 individuals).