One Community Health Patients Informed Regarding a Cyberattack and Data Theft in April 2021

One Community Health based in Sacramento, CA has recently informed patients about the compromise of its systems between April 19 and April 20, 2021. It was discovered that an unauthorized individual has acquired access to systems that contain the personal data and protected health information (PHI) of some workers and patients.

A complete forensic inspection was performed by a third-party cybersecurity agency to find out the nature and magnitude of the attack, and One Community Health was alerted on October 6, 2021, that the attacker had exfiltrated files from its network comprising full names and one or more of the following data elements: telephone number, address, other demographic data, email address, date of birth, driver’s license number, Social Security number, insurance details, diagnosis details, and treatment data.

One Community Health began sending breach notification letters to all affected patients on November 22, 2021. There were no reported incidents of identity theft or fraud; nevertheless, complimentary credit monitoring services have been provided to impacted people as a safety measure against identity theft and fraud.

One Community Health stated it has been working with cybersecurity specialists to improve its security against cyberattacks, and has improved endpoint detection, email protection, and has gotten 24/7 managed detection response.

PHI Disclosure Due to Email Error by Eye Care Product Company

Alcon, a manufacturer of eye care products, has learned that an email error led to the disclosure of some patients’ PHI to healthcare organizations not permitted to view the PHI.

On October 5, 2021, Alcon emailed patients’ protected health information to healthcare companies to assist in billing. The emails were meant to just include details concerning each healthcare company’s patients; nonetheless, a technical problem resulted in the emails containing the information of patients of other healthcare organizations.

The emails included some data regarding patients who had lately got an Alcon intraocular lens implant, specifically, first and last names, dates of implant, device serial numbers, and names of treating physicians.

All healthcare companies who acquired the email were called and informed to erase the email and Alcon has evaluated and updated its policies and processes to avoid identical breaches later on. Because of the nature of the data compromised and the entities that obtained the data, Alcon believes no patient information will be used in the wrong way.