Peerstar LLC, a Pennsylvania-based provider of mental health support services, said 11,438 patients have been notified about the exposure and potential theft of their protected health information. Suspicious activity was detected on its network on March 7, 2023, and third-party security experts were engaged to investigate the incident and assess the security of its systems. On May 17, 2023, it was confirmed that an unauthorized third party had access to its systems between February 22, 2023, and March 3, 2023, and protected health information had been exposed. Peerstar said it is unaware of any actual or attempted misuse of patient data.

The types of information exposed varied from individual to individual and may have included the following: first and last name, address, phone number, email address, Social Security number, date of birth, admission date, discharge date, physical or mental health condition, treatment and diagnosis information, driver’s license number or government-issued identification number, financial account number, credit or debit card number, digital signature, birth or marriage certificate, healthcare payment information, and/or health insurance information, including, application and claims history, and policy number or subscriber identification number.

Peerstar has confirmed that additional cybersecurity safeguards are being implemented, employee cybersecurity training has been enhanced, and cybersecurity policies, procedures, and protocols are being improved.

Fredericksburg Foot & Ankle Center Reports April 2023 Data Breach

Fredericksburg Foot & Ankle Center in Fredericksburg, VA, has reported a data breach to the Maine Attorney General that has affected up to 14,912 individuals. In the October 25, 2023, breach notice, the healthcare provider did not disclose when it was first alerted to a potential breach, but said it learned on September 5, 2023, that files were accessed by an unauthorized third party on or around April 21, 2023.

The files included patients protected health information including names, other personal identifiers, and Social Security numbers. Affected individuals have been provided with complimentary single bureau credit monitoring services and said it will continue to evaluate and modify its practices and internal controls to enhance the security and privacy of personal information.

La Red Health Center Investigating Cyberattack

La Red Health Center in Georgetown, DE, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected at least 501 individuals. 501 is frequently used as a placeholder to meet breach reporting requirements when the total number of affected individuals has yet to be determined.

La Red Health Center said suspicious activity was detected within its network on April 11, 2023. Assisted by third-party security experts, the healthcare provider determined that there had been unauthorized access to its network between March 27, 2023, and April 6, 2023. On August 21, 2023, the affected files were confirmed, and a review was initiated to determine the individuals affected and to obtain up-to-date contact information. The website breach notice does not state what information was compromised in the attack.

The post Data Breaches Reported by Peerstar, La Red Health Center, Fredericksburg Foot & Ankle Center appeared first on HIPAA Journal.