Mobile Anesthesiologists lately found out about the compromise of some patients’ protected health information (PHI) as a result of a technical misconfiguration. The issue happened before December 14, 2020, and permitted public access to PHI including names, medical insurance data, date of service, medical treatment information, and birth dates.
An inquiry of the problem ended on January 28, 2021 and it confirmed the exposure of the PHI of 65,403 persons. Although the PHI could likely have been accessed by unauthorized people, there is no proof found that suggests unauthorized data access or PHI theft. Mobile Anesthesiologists notified the affected persons by mail beginning March 10, 2021.
Email Error Brings About Unauthorized Disclosure of Heart of Texas Community Health Center Patients’ PHI
Heart of Texas Community Health Center learned about the exposure of the PHI of a number of patients.
An email with patient information was sent to people who are permitted to view the data, however, the email got mailed to an account that was beyond the coverage of the firewall and might have been intercepted since the email had no encryption.
The email simply contained an email address and mentioned the email account holder was past due to have a pap smear. The email didn’t include any name or other data. The email merely corresponded to female patients who are 21 to 65 years old and had visited a Heart of Texas Community Health Center facility from September to December 2020.
There was no report obtained that suggests the interception of the email or its access by unauthorized persons.
Haven Behavioral Healthcare Reports Breach of Systems Comprising Patient Information
Haven Behavioral Healthcare located in Nashville, TN has publicized that unauthorized people acquired access to sections of its system that secured the PHI of patients. The provider detected the data breach on or around September 27, 2020 and started an investigation right away. Third-party cybersecurity professionals helped to find out the nature and extent of the breach.
The investigation showed that the attacker viewed its systems between September 24 and September 27, 2020. It was affirmed on January 27, 2021 that the files accessed by the attacker included patient information. An analysis of the files was done on March 11, 2021 and Haven Behavioral Healthcare started mailing notification letters on March 23, 2021.
Though the files were unsecured, the investigation cannot verify whether the hacker accessed the files. It is at the moment unknown which hospitals and patients were impacted.