Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

A round-up of data breaches that have recently been reported to the HHS’ Office for Civil Rights, state Attorneys General, and the media.

242,986 Patients Had PHI Compromised in Cyberattack on Bienville Orthopaedic Specialists

Bienville Orthopaedic Specialists in Gautier, MS, has reported a data breach to the Maine Attorney General that has affected up to 242,986 patients. A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023. The threat actor acquired files from its systems on March 4, 2023.

The review of the affected files was completed on July 31, 2023, and it was determined that names and Social Security numbers had been compromised. Additional technical safeguards have now been implemented to prevent similar incidents in the future. Credit monitoring services are being offered to the affected individuals for 12 months at no cost.

Just Kids Dental Suffers Ransomware Attack

Acadia Health, LLC, doing business as Just Kids Dental, has started notifying 129,623 patients that some of their protected health information was stolen in an August 2, 2023, ransomware attack. The incident was detected on August 8, 2023, after files were encrypted. Some of those files contained patient and employee information and were exfiltrated by the attacker prior to encryption.

The types of information involved varied from individual to individual. For patients, the affected information included name, address, email, phone number(s), birth date, Social Security number, driver’s license number, health insurance policy information, treatment information including radiographic images, medical record number, account number, and health conditions. Parents/guardians of patients had the following information compromised: name, address, email, phone number(s), birth date, Social Security number, driver’s license number, and health insurance policy information. The exposed employee information included name, Social Security number, and local, state, and federal licensing information (NPI, DEA, and State licensing numbers).

Just Kids Dental said the malicious actor behind the attack confirmed that the stolen data has been deleted and that no information had been further disclosed. Just Kids Dental does not expect there to be any data misuse; however, affected individuals have been advised to monitor their account statements for suspicious or unauthorized activity.

Email Accounts Compromised at Associates in Pediatric Dentistry

Associates in Pediatric Dentistry in Louisiana recently announced that unauthorized individuals gained access to certain employee email accounts that contained patient information. The email account breach was detected on August 25, 2023; however, the forensic investigation revealed the email accounts had been accessed 7 months previously, between January 27, 2023, and February 8, 2023.

The review of the email accounts was completed on June 28, 2023, and confirmed they contained the protected health information of 9,703 patients, including names, addresses, contact information, dates of birth, treatment and diagnosis information, dates of treatment, provider names, costs of treatment, and/or health insurance information. Additional safeguards and technical security measures have now been implemented to prevent similar incidents in the future.

North Mississippi Health Services Shuts Down Phishing Attack in 17 Minutes

North Mississippi Health Services in Tupelo has recently confirmed that unauthorized individuals gained access to an employee’s email account after the employee responded to a phishing email. The email account breach was detected on July 3, 2023, and was immediately remediated. The threat actor only had access to the account for 17 minutes. While the window of opportunity for data theft was short, it is possible that some of the emails and attachments in the account were downloaded. The review of the account confirmed it contained the following types of information: names, dates of birth, primary physicians’ names, and diagnoses or dispositions upon recent discharge from North Mississippi Medical Center-Tupelo.

North Mississippi Health Services has found no evidence to suggest any patient data was misused and said policies and procedures are being reviewed and employee education about phishing is being strengthened.

The post Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental appeared first on HIPAA Journal.

Office Puzzle Achieves HIPAA Compliance with Compliancy Group

Office Puzzle has taken all necessary steps to prove its good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). 

Office Puzzle is an innovative software company specializing in tailored solutions for behavior and mental health professionals. Its software solutions are designed to streamline workflows, enhance patient care, and ensure data security, empowering professionals to focus on their core mission.

Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, Office Puzzle can track its compliance program and has earned the Seal of Compliance™. The Seal of Compliance is issued to organizations that have implemented an effective HIPAA compliance program through the use of The Guard.

HIPAA is made up of a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

Office Puzzle has completed Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH. Compliancy Group has verified Office Puzzle’s good faith effort to achieve HIPAA compliance through The Guard.

“At Office Puzzle, we recognize the paramount importance of safeguarding sensitive healthcare data in today’s dynamic business environment. Our partnership with Compliancy Group signifies our unwavering commitment to the highest standards of HIPAA compliance, ensuring that our clients can trust in the security and integrity of their information,” said Hailu Jardines, CEO of Office Puzzle. “In the realm of behavior and mental health, the confidentiality and security of sensitive data are of paramount importance. Our partnership with Compliancy Group underscores our unwavering commitment to upholding the highest standards of HIPAA compliance. This ensures that our clients, who are dedicated to the well-being of individuals, can have complete trust in the security of their data.”

Clients and patients are becoming more aware of HIPAA compliance requirements and how the regulation protects their personal information. Forward-thinking providers like Office Puzzle choose the Seal of Compliance to differentiate their services.

The post Office Puzzle Achieves HIPAA Compliance with Compliancy Group appeared first on HIPAA Journal.