Birmingham, AL-based Henderson & Walton Women’s Center (HWWC) has lately notified 34,306 sufferers that a few of their protected well being info might have been compromised on account of a hacker having access to the e-mail account of one in all its workers. HWWC stated the forensic investigation of the information breach confirmed the attacker didn’t achieve entry to the e-mail server and the breach was confined to the e-mail account of 1 worker.
HWWC didn’t disclose when the e-mail account was compromised however stated there was a delay in issuing notification letters as a result of prolonged strategy of reviewing all emails within the account to find out the forms of info and particular people that had been affected. That course of concluded on June 24, 2022.
HWWC stated it had carried out encryption for all exterior emails, however the forensic investigation decided that saved emails might have been accessed. Those emails contained affected person info comparable to names, dates of delivery, Social Security numbers, medical info, medical insurance info, driver’s license numbers, and state ID numbers. The info uncovered assorted from affected person to affected person.
Notification letters had been despatched to all affected people in August. As a precaution towards identification theft and fraud, complimentary memberships have been provided to a credit score monitoring service for 12 months. Steps have additionally been taken to enhance the safety of its e mail system, together with implementing a brand new process for robotically deleting emails containing PHI after 3 days, and a system is being carried out that may stop the sharing of any private info by way of e mail.
Get The Checklist
Free and Immediate Download
HIPAA Compliance Checklist
Delivered by way of e mail so confirm your e mail tackle is appropriate.
Your Privacy Respected
HIPAA Journal Privacy Policy
Genesis Health Care Reports Cyberattack and Data Breach
The Columbia, SC-based nonprofit Federally Qualified Health Center, Genesis Health Care Inc., has lately notified the Montana Attorney General a few cyberattack that was detected on April 11, 2022.
Suspicious exercise was detected in sure IT techniques, prompting a complete investigation. Third-party digital forensics specialists had been engaged to find out the character and scope of the incident and assist restore the performance of its techniques. The investigation confirmed on June 9, 2022, that information might have been accessed or exfiltrated from its techniques between January 19, 2022, and April 11, 2022. A programmatic and handbook assessment of the affected information confirmed on July 13, 2022, that they contained affected person info.
According to the substitute breach discover on the corporate web site, the next forms of info had been compromised within the breach: Names, Social Security quantity, driver’s license quantity, monetary account info, cost card info, employer identification quantity, passport quantity, medical insurance info, username and password, PIN, or account login, date of delivery, and medical info together with billing or claims info, prognosis, doctor info, medical document quantity, Medicare/Medicaid info, prescription/remedy info, and remedy info.
Genesis Health Care stated it’s reviewing its insurance policies and procedures and can consider extra measures and safeguards to stop related breaches sooner or later.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 21,226 sufferers.
https://www.hipaajournal.com/data-breach-henderson-walton-womens-center-genesis-health-care-inc/
