SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. Unauthorized activity was identified in South Coast Health’s network on June 18, 2023, and assisted by forensic specialists, it was determined that its network was accessed by an unauthorized third party between June 15 and June 18, 2023. During that time, files on the network were viewed or copied.
South Coast Health confirmed that the intrusion was limited to its own network, with Privia Medical Group’s network unaffected; however, some Privia Medical Group patients did have their information exposed. The substitute breach notice provided to the South Carolina Attorney General does not list the types of data compromised in the attack, but that information is detailed in the individual notifications.
A substitute notice was posted on its website last year warning patients that they may have been affected, but at the time it was unclear how many patients had been affected or the types of data involved. The review of the affected files was not completed until June 13, 2024. South Coast Health said it had strict security measures in place to prevent unauthorized access to its network, but those measures were circumvented. Additional security measures have now been implemented to prevent similar incidents in the future. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. The HHS Office for Civil Rights breach portal still shows the interim figure of 501 affected individuals.
Call 4 Health Issues Notifications About March 2024 Cyberattack
Call 4 Health, Inc., a Delray Beach, FL-based medical call center operator and nurse triage service provider, has recently issued individual notifications to individuals affected by a data security incident that occurred on March 20, 2024. Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.
Third-party cybersecurity experts were engaged to assist with the investigation and confirmed that its network had been hacked, and its systems were accessible for around 6 weeks. In addition to investigating the breach, assistance was provided in securing its digital environment and hardening network security. Call 4 Health also said it will be enhancing its cyber preparedness through additional awareness training and updating its procedures.
In its notice to the Maine Attorney General, Call 4 Health confirmed that the breached data included information related to employment and human resources, with the July 8, 2024 breach report stating that 3,210 individuals had been affected, including 1 Maine resident. The incident was reported to the Department of Health and Human Services on March 17, 2024, indicating the protected health information of 10,434 individuals had been exposed. Complimentary credit monitoring and identity restoration services are being offered to some of the affected individuals.
Clear Spring Health Notifies Patients About Change Healthcare Data Breach
Clear Spring Health, a Miramar, FL-based provider of PPO, HMO, and PDP advantage plans, has notified Medicare beneficiaries that their data may have been compromised in the February 2024 ransomware attack on Change Healthcare. In a website notice, Clear Spring Health explained that Change Healthcare confirmed on or around March 7, 2024, that the attackers had exfiltrated a substantial amount of data in the attack, which had potentially affected one in three Americans.
Change Healthcare is still conducting the document review to determine exactly which individuals have had their data exposed or stolen, and notification letters are expected to be mailed on behalf of its clients by the end of the month. Clear Spring Health said the types of data that may have been exposed include contact information, health insurance information, health information, billing information, and personal information, including Social Security numbers, driver’s license numbers, state ID numbers, and passport numbers. Clear Spring Health has advised the affected Medicare beneficiaries to take advantage of the two years of free credit monitoring services that Change Healthcare is offering.
The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal.