Roundup of Recent Healthcare Data Breaches

Email Accounts Breach at Summit Behavioral Healthcare

Summit Behavioral Healthcare based in Brentwood, TN found out about the breach of two staff email accounts starting in May 2020. This provider of behavioral health services manages 18 addition treatment centers throughout America.

An independent forensics company was involved to look into the breach and affirmed on January 21, 2021 that the breached accounts held protected health information and unauthorized men and women may have accessed or gotten PHI.

The data included in the accounts differed from person to person and might have involved names along with at least one of the following types of information: diagnosis or symptom data, treatment details, prescribed medication data, medical insurance numbers, medical background, Social Security number, financial account details, Medicare/Medicaid identification numbers, and healthcare provider data.

Summit Behavioral Healthcare already notified the affected people and provided a complimentary one-year credit monitoring and identity theft protection services membership.

Email Account Compromised at Jacobson Memorial Hospital and Care Center

Jacobson Memorial Hospital and Care Center located in Elgin, ND has learned that an unauthorized individual viewed an email account that contains the PHI of 1,547 patients.

The hospital discovered the breach approximately on August 5, 2020 and an independent cybersecurity agency was retained to look into the breach and ascertain whether any records were accessed. It looks like the attack was done as a way to distribute spam email messages using the account; nonetheless, it’s probable that patient files were accessed.

The account comprised names, birth dates, addresses, email addresses, telephone numbers, Social Security numbers, credit card numbers, insurance policy numbers, bank account numbers, and various health details.

The latest organization-wide security system has already been enforced, guidelines and procedures were kept up to date, and extra training was offered to personnel and vendors on data security. Jacobson Memorial Hospital and Care Center provided the impacted persons free credit monitoring and identity theft restoration services.

Twelve Oaks Recovery Finds Malware Infection and Data Theft

Twelve Oaks Recover based in Navarre, FL, an addiction and mental health treatment facility, has found out that an unauthorized person accessed its system, infected it with malware, and stole records. The attack was discovered on December 13, 2020 after finding strange network activity. Conducting a forensic investigation affirmed the deployment of malware on December 13. A data exfiltration was confirmed to have happened the following day.

An evaluation of the records acquired by the attacker showed that they included the PHI of 9,023 patients, and contained names, birth dates, addresses, Social Security numbers and medical record numbers.

Twelve Oaks Recovery has improved its network tracking tools and undertaken steps to avoid the same breaches from happening again.

Kaiser Permanente Terminates Worker for Improper PHI Access

Kaiser Permanente has terminated a worker for accessing the medical records of members with no authorization. The provider detected the privacy breach on December 28, 2020 and upon investigation, it was confirmed that information was accessed with no reasons associated with the healthcare service needs of members. The types of data compromised included names, addresses, email addresses, phone numbers, birth dates, and pictures. No other sensitive data was compromised

Kaiser Permanente is going over its guidelines and procedures and will be enforcing more safety measures, as needed, to avoid the same privacy breaches later on.