SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the Wisconsin Department of Health Services has announced a breach of the personal information of 19,150 Medicaid recipients.

SkinCure Oncology

SkinCure Oncology in Burr Ridge, IL, has issued individual notifications to 13,434 patients whose protected health information was compromised in an email breach that occurred more than a year ago. According to the substitute breach notice, the investigation confirmed that multiple email accounts were accessed by an unauthorized third party between June 23 and June 25, 2023.

A comprehensive review was conducted to identify the files in the email accounts, and on December 6, 2023, it was confirmed that protected health information was present in emails and email attachments. SkinCure Oncology believes files in those email accounts were viewed and potentially obtained in the attack. The exposed information varied from individual to individual and may have included names, birth dates, medical record numbers, medical histories, and health insurance information. A limited number of patients had their Social Security numbers, driver’s license numbers, financial account information, and/or credit card information exposed.

The delay in issuing individual notifications was due to the time it took for SkinCure Oncology and its practice partners to locate up-to-date address information. The substitute breach notice makes no mention of complimentary credit monitoring and identity theft protection services, only that patients should be vigilant against identity theft and fraud. Further information can be contained by calling SkinCure Oncology’s helpline – (866) 528-8844. The helpline is manned Monday to Friday from 8:00 a.m. to  5:30 p.m. Central Time.

Wisconsin Department of Health Services

Wisconsin Department of Health Services has reported a breach of the protected health information of up to 19,150 Medicaid recipients. The breach occurred at one of its partner organizations, Disability Rights Wisconsin, which discovered an unauthorized third party had gained access to an employee email account. It is unclear from the announcement when the breach occurred and when it was discovered.

Notification letters were sent to the affected individuals on June 21, 2024, and they were advised about the data that was exposed. Complimentary credit monitoring services have been offered to the affected individuals for 12 months and a helpline – 888-733-3814 – has been set up for individuals seeking further information. The helpline is manned Monday to Friday, from 8:00 a.m. to 8 p.m. Central Time.

The post Email Breaches Reported by SkinCure Oncology & the Wisconsin Department of Health Services appeared first on The HIPAA Journal.

A cyberattack on Texas Retina Associates has affected more than 312,000 patients, Human Technology Inc., has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital.

Texas Retina Associates Cyberattack Affects 312,000 Patients

Texas Retina Associates, the largest ophthalmology practice in Texas, has announced that there has been unauthorized access to its internal systems and the potential theft of sensitive patient data. Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected.

Texas Retina Associates said it is unaware of any misuse of patient data and is issuing notifications “out of an abundance of caution” as files have been exposed that contained patient data. The file review confirmed that the exposed data included first and last name, address, phone number, email address, birth date, gender, Social Security number, medical record number, clinical information, prescription information, medical information, health information, and health insurance information.

The breach has recently been reported to the HHS’ Office for Civil Rights as affecting up to 312,867 current and former patients. Texas Retina Associates has confirmed that its systems have been secured, additional cybersecurity safeguards have been implemented, cybersecurity policies and procedures have been enhanced, and additional cybersecurity training has been provided to its workforce. A helpline has been established for individuals to obtain further information about the breach (888-498-3901) The helpline is manned from 8 a.m. to 8 p.m. Central Time.  The substitute breach notice on the Texas Retina Associates website makes no mention of complimentary credit monitoring or identity protection services being offered.

Human Technology Inc.

The Jackson, TN-based prosthetics and orthotics company, Human Technology Inc., and its affiliates Greer Orthotics & Prosthetics, Murphy’s Orthopedic & Footcare, and Hi-Tech Prosthetics & Orthotics have been affected by a data security incident that was detected on March 15, 2024.

An internal investigation was launched to identify the source of anomalous network activity and a digital forensics firm was engaged to assist with the investigation. The investigation was completed on or around May 31, 2024, and confirmed that an unauthorized actor gained access to a computer system used by Human Technology and its affiliates and potentially viewed or obtained patient data. The exposed data included names, addresses, dates of birth, medical information, health insurance information, Social Security numbers, driver’s license numbers, passport numbers, payment card numbers/expiry dates, account numbers, routing numbers, and tax IDs.

Notification letters were mailed to the affected individuals on June 28, 2024, and complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. Human Technology said it is unaware of any misuse of the affected data. To improve security and reduce the risk of similar incidents in the future, Human Technology has implemented additional safeguards, including EDR monitoring. A helpline has been established for individuals seeking further information on the breach ((866)-528-4805). The helpline is manned from 8.00 a.m. to 5.30 p.m. Central Time.

The incident is not yet shown on the HHS’ Office for Civil Rights website so it is currently unclear how many individuals have been affected.

Ransomware Group Claims Responsibility for Attack on Wayne Memorial Hospital

The Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital, an 11-bed non-profit hospital in Honesdale, PA. The hospital has yet to announce any cyberattack or data breach. The hospital has been added to the Monti group’s data leak site, but no data is currently listed for download. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.

The post Texas Retina Associates Cyberattack Affects 312,000 Patients appeared first on The HIPAA Journal.