Advocates Inc. in Massachusetts., a non-profit provider of support services for people encountering life challenges including autism, brain injury, addiction intellectual handicaps, behavioral health, and mental health, has reported it recently suffered a sophisticated cyberattack and data theft occurrence.
Advocates discovered on October 1, 2021, that an unauthorized person had obtained access to its system and copied files comprising the sensitive data of patients and staff members. A prominent cybersecurity agency was engaged to aid with the inquiry, which revealed that an anonymous individual had accessed its network and duplicated files in a period of four days between September 14, 2021 and September 18, 2021.
The files included names, birth dates, addresses, Social Security numbers, medical insurance details, client ID numbers, diagnoses, and treatment details. After validating the individuals impacted, Advocate compiled updated contact data to be able to issue the written notifications, thus the delay in providing notification letters.
The cyberattack report was sent to the Federal Bureau of Investigation and government authorities. The breach report sent to the Department of Health and Human Services’ Office for Civil Rights reveals the protected health information (PHI) of 68,236 persons was contained in the stolen information. Advocates mentioned it doesn’t know if any actual or attempted improper use of the stolen data; nevertheless, as a preventative measure, affected people were provided free credit monitoring and identity theft protection services.
PHI Compromised in Cyberattack on Medical Healthcare Solutions
The medical billing firm Medical Healthcare Solutions located in Boston, MA has lately reported it encountered a cyberattack. The attack was identified on November 19, 2021, and steps were promptly taken to safeguard its system to stop more unauthorized access. The investigation established an unauthorized person had acquired access to its network from October 1, 2021 to October 4, 2021, and stolen a number of files from its system.
An analysis of the stolen records showed they comprised these types of information: Name, address, birth date, sex, telephone number, email address, driver’s license/state ID number, Social Security number, financial account number, payment card number, card CVV/expiration, routing number, diagnosis/treatment details, procedure type, provider name, prescription data, date of service, patient account number, medical record number insurance group number, insurance ID number, insurance plan name, claim number, provider ID number, process code, treatment price, and diagnosis code.
A final record of persons impacted by the breach was secured on January 8, and notification letters were already distributed. Free credit monitoring and identity theft protection services were given to affected people. The breach report was submitted to the HHS’ Office for Civil Rights, nevertheless, it has not yet been posted on the breach site, therefore it is presently not clear how many persons were impacted.
