Parathon by JDA eHealth Systems Confirms July 2023 Cyberattack

Parathon by JDA eHealth Systems, a revenue cycle management company in Naperville, Illinois, has recently notified state attorneys general that it suffered a cyberattack on July 27, 2023. In its December 22, 2023, notification to the Montana Attorney General, Parathon explained that unauthorized individuals were able to access the protected health information of patients of its clients. The types of information involved varied from individual to individual and may have included names in combination with one or more of the following: address, date of birth, and/or protected health information, including but not limited to diagnosis, claims information, and health insurance information.

The notification does not state whether files were encrypted in the attack, but Parathon said data was stolen and a ransom payment was demanded. Parathon said, “We have taken all efforts possible to mitigate any further exposure of your personal information and related identity theft.” The Akira threat group claimed responsibility for the attack and added Parathon to its data leak site but has since removed the listing, which suggests the ransom was paid. Akira claimed to have stolen 560GB of data.

In its breach notification letters, Parathon said, “We are committed to doing everything we can to protect the privacy and security of the personal information in our care.” Additional safeguards have been implemented, security measures have been enhanced to better protect the data in its systems, and Parathon has reviewed its policies and procedures relating to data security. Parathon said it has found no evidence to indicate any misuse of the stolen data, but as a precaution, has offered three complimentary services to the affected individuals: single bureau credit monitoring, single bureau credit report, and single bureau credit score, which are being provided by Cyberscout.

It is unclear how many clients were affected. The HIPAA Journal has been able to confirm that one of the affected clients is NorthShore University Health System. While state attorneys general have been notified, the incident has not yet appeared on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.

31,000 Individuals Affected by Cyberattack on Eye Physicians of Central Florida

Eye Physicians of Central Florida, PLLC, has recently announced that the protected health information of 31,189 patients has been exposed and potentially stolen in a recent cyberattack. Eye Physicians of Central Florida, a division of Florida Pediatric Associates, identified suspicious network activity on November 5, 2023. Steps were immediately taken to prevent further unauthorized access to its systems and a forensic investigation was launched to determine the nature and scope of the incident.

The investigation confirmed there had been unauthorized access to parts of its network where patient information was stored. At the time of issuing notification letters to the affected individuals on December 6, 2023, no evidence had been found to indicate any actual or attempted misuse of patient data; however, out of an abundance of caution, affected individuals have been offered complimentary credit monitoring and identity theft protection services.

The types of data exposed included names, addresses, dates of birth, medical diagnosis and treatment information, provider names, patient ID numbers, procedure codes, dates of service, treatment cost information, financial account information, state ID, health insurance information, and/or prescription information.

Eye Physicians of Central Florida said it is reviewing its current policies and procedures related to data security and will make improvements as necessary to harden security.

The post Parathon by JDA eHealth Systems Confirms July 2023 Cyberattack appeared first on HIPAA Journal.