Breaches at Central California Alliance for Health, Hutton & Hale, D.D.S., Inc. and Wisconsin Department of Corrections
The Central California Alliance for Health learned that an unauthorized person obtained access to a number of employees’ email accounts and most likely read or stolen data in email messages and file attachments. The healthcare organization discovered the breach on May 7, 2020 and took fast action to protect the impacted accounts. In all cases, the accounts were viewed for approximately an hour.
An analysis of the breached accounts showed they comprised a small amount of protected health information (PHI) of Central California Alliance for Health members like Alliance Care management program information, birth dates, claims details, demographic data, Medi-Cal ID numbers, referral data, and health care details. There was no breach of financial data or Social Security numbers.
Subsequent to the breach, Central California Alliance for Health executed a total password reset for every email account, this includes the email accounts that weren’t exposed. Employees likewise got additional training regarding email security.
Central California Alliance for Health by now submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights specifying that 35,883 members were impacted.
Wisconsin Department of Corrections Breach Affects 1,853 People
The Wisconsin Department of Corrections found out that the data of people located in its treatment centers was compromised on the sites of three vendors hired to handle canteen purchases. An employee found the information on May 15, 2020. Impacted people were alerted on June 15, 2020.
The breached data was minimal including names and data concerning the treatment facility in their location. That data needs to be encrypted on the web pages. The issue is already remedied and the data is not available any more on the web.
Hacking of Hutton & Hale, D.D.S., Inc. Affects 8,394 Patients
Dr. Ann Hale of Hutton & Hale, D.D.S., Inc. began informing 8,394 patients regarding the likely exposure of their PHI due to hacking of the practice’s stored data and computer networks on May 25, 2020.
Those systems stored patients’ medical records and PHI including names, contact phone numbers, addresses, X-ray information, and Social Security numbers.
All impacted patients were given free of charge one-year membership to identity theft protection and credit monitoring services and will be covered by a $1,000,000 identity theft insurance plan. Thus far, there are no reports obtained that indicate the improper use of any patient data.
The practice is incorporating more safety measures to its web server infrastructure to avert more security breaches.