The Texas Medical Liability Trust (TMLT) has reported a data breach to the Maine Attorney General on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance, Inc., a Risk Retention Group that has affected 59,901 individuals.
Suspicious activity was detected within its IT environment on October 12, 2022. Steps were taken to secure its systems and third-party forensics specialists were engaged to investigate. They determined that an unauthorized actor had access to its environment between October 2, 2022, and October 13, 2022, and during that time, files containing protected health information may have been accessed that included names, Social Security numbers, EIN/Tax Identification numbers, state identification/driver’s license information, and financial account information. It took until August 18, 2023, to complete the review of the affected files.
Complimentary credit monitoring services have been offered to the affected individuals and a review of policies, procedures, and processes related to the storage and access of sensitive information has been conducted.
Email Account Breach Affects Patients of Bloom Health Centers
On July 5, 2023, Bloom Health Centers in Timonium, MD, identified suspicious activity in its Microsoft 365 email environment. Steps were immediately taken to prevent further unauthorized access and an investigation was launched to identify the activity. Assisted by a third-party cybersecurity firm, Bloom Health Centers determined that the email account of one of its clinicians was accessed without authorization on or around June 23, 2023.
The review of the account was completed on August 7, 2023, and confirmed the account contained the protected health information of 1,545 patients including names, addresses, email addresses, telephone numbers, dates of birth, and medical information such as medications and diagnoses. That information may have been accessed or acquired during the incident; however, no instances of misuse of patient data have been identified.
The affected individuals have now been notified by mail and credit monitoring and identity theft protection services have been offered. Email security measures have been enhanced and further training on data protection best practices have been provided to all members of the workforce.
Prime Therapeutics/Magellan Rx Management Report Email Account Breach
Prime Therapeutics, a Minnesota-based pharmacy benefit management company serving health plans, employers, and government programs, and the next-generation pharmacy organization, Magellan Rx Management, a Prime Therapeutics company, have experienced a data breach involving the protected health information of 6,050 individuals.
The compromised data was stored in an employee’s mobile email account, which was discovered on July 11, 2023, to have been accessed by an unauthorized individual. The compromised credentials were disabled, the unauthorized individual’s IP address was blacklisted, and a review was conducted to determine what information had been exposed. While evidence of unauthorized data access was not found, the attacker may have been able to view names, addresses, dates of birth, member ID numbers, and medication(s).
Prime Therapeutics said it will continue to review internal procedures for potential improvements to strengthen account security and is evaluating additional safeguards to help prevent similar incidents from reoccurring in the future.
Carthage Area Hospital and Claxton Hepburn Medical Center Dealing with Cyberattack
Carthage Area Hospital and Claxton Hepburn Medical Center in Northern New York experienced a cyberattack on August 31, 2023. The hospitals put their emergency rooms on diversion and appointments were cancelled as a precaution due to IT systems being taken offline.
The FBI, New York State Department of Health, and the Department of Homeland Security were notified about the attack and the government is aware of the threat actor behind the attack but has not disclosed which group was responsible. The incident has been contained but the investigation is ongoing. At this stage of the investigation, it appears that patient data has not been compromised.
The post 60,000 Individuals Affected by Texas Medical Liability Trust Data Breach appeared first on HIPAA Journal.