Healthcare Data Breaches at Fairchild Medical Center, Indian Health Council Inc. and Harvard Pilgrim Health Care

Fairchild Medical Center located in Yreka, CA, started informing a number of patients about the likely access of their protected health information (PHI) by unauthorized individuals online.

In July 2020, a third-party security company advised Fairchild Medical Center regarding a misconfigured server, which permitted access over the web. With the assistance of third-party computer experts, the medical center confirmed that unauthorized persons
could have accessed patient information.

The server stored medical images that include patient names, dates of birth, exam identification numbers, patient ID numbers, names of ordering provider, and dates of examination. The misconfiguration transpired on December 16, 2015 and was just fixed on July 31, 2020. A third-party security firm validated the security of the server after making the required adjustments.

A forensic investigation cannot ascertain if unauthorized persons accessed patient data in the period the server was open, however, the possibility can’t be eliminated.

Indian Health Council Inc Experiences Ransomware Attack

A ransomware attack on Indian Health Council Inc. in Valley Center, CA happened in September 2020 bringing about file encryption that likely affected the PHI of patients. Indian Health Council discovered the ransomware attack on September 22, 2020 and called in third-party computer forensic specialists to help with the investigation.

An analysis of the files the attacker got access to shows that some files included patient data for instance names, birth dates, health details, and health insurance data and, for some people, details about medical conditions, treatment, or diagnosis data.

After the cyber attack, Indian Health Council Inc altered passwords and toughened security to avert more attacks. It also carried out extra measures or controls such as remote access and multi-factor authentication.

All patients affected by the attack have now gotten notification letters. The breach report sent to the Office for Civil Rights shows that the attack possibly impacted 5,769 persons.

Mismailing Incident At Harvard Pilgrim Health Care

Harvard Pilgrim Health Care is informing 8,022 people concerning a software mistake in its enrollment data management system. The error resulted in the association of an individual’s mailing address with another address linked to the health plan of that individual. Due to the error, certain mailings were misdirected to the address of a subscriber of the person’s health plan or to a past address. Harvard Pilgrim Health Care tracked back the problem to an error that took place in 2013.

The types of information that might have been exposed differed from mailing to mailing and probably involved the name of the member, ID number, date of birth, phone number, provider names, dates of service, treatment data, deductibles, charges for services, co-pay amount, and co-insurance details linked to healthcare coverage.

The matter has already been fixed and the method of system updates has been assessed and improved. Impacted persons were advised to look at their Activity Summaries and to send a report on any shady entries to Harvard Pilgrim without delay.