Unauthorized individuals possibly accessed the protected health information (PHI) of over 650,000 patients of Community Medical Centers (CMC) located in California.
CMC is a non-profit group of community health centers that provide care for patients in the Solano, Yolo, and San Joaquin counties in Northern California. CMC discovered suspicious activity in its computer systems on October 10, 2021, and turned off its systems to avoid further unauthorized access. An investigation was started to know the nature and magnitude of the breach, with help provided by third-party cybersecurity specialists.
The forensic investigation established that unauthorized people had gotten access to sections of its system where PHI was kept, such as first and last names, birth dates, postal addresses, Social Security numbers, health data, and demographic data.
Considering the sensitive character of the compromised information, CMC is providing free identity theft protection, identity theft resolution, and credit monitoring services to affected persons. CMC stated that its systems are already secure, policies and procedures have been assessed and made current to boost security, and data management policies were evaluated and updated.
CMC has informed the authorities concerning the breach, together with the relevant state attorneys general and the Department of Health and Human Services.
The breach notification given to the Maine attorney general shows that the PHI of 656,047 people was possibly exposed.
Professional Healthcare Management Reports Ransomware Attack
Professional Healthcare Management (PMH) has begun informing a number of patients concerning the likely exposure of some of their PHI during a ransomware attack that occurred in September 2021.
PMH noticed the attack on September 14 and immediately took action to secure its databases and workstations. Third-party cybersecurity and incident response professionals helped PMH to immediately protect and regain its networks and operations. The healthcare company carried out an investigation to find out the nature and extent of the breach and affirmed that hackers might have acquired the personal information and PHI of patients.
The breach inquiry is in progress yet, at this time, no proof of patient data misuse or theft has been determined; nonetheless, notification letters are right now being mailed to impacted persons and the breach report was submitted to the HHS’ Office for Civil Rights.
PMH stated these types of patient data were likely breached: Social Security numbers, first and last names, medical insurance details (Medicare number, Medicaid number, and insurance ID number), diagnosis code(s), and medicine name(s).
More safety measures are being enforced to strengthen IT security, cybersecurity guidelines, and processes are being upgraded, and supplemental cybersecurity training was given to the labor force.