ZocDoc in New York, which offers a platform that enables would-be patients to reserve consultations with physicians and dentists, has uncovered a problem in its software program that made it possible for patient records to be viewed by health care and dental practices when viewing ought to have been limited.
The investigation showed programming flaws had taken place from August 2020 right until the issues were identified and fixed, a number of past and present practice workers got access to the provider site, even though their accounts must have been either terminated, erased, or been restricted. On all occasions, the people who may have accessed patient information erroneously were healthcare companies and are thus certain to protect the privacy and security of patient records. ZocDoc reported there is no information that indicates there were any more disclosures of patient information.
Patient records likely accessed contained names, email addresses, telephone numbers, visit records with the provider, insurance details, Social Security numbers, and medical details furnished by persons associated with appointments scheduled by means of the service.
ZocDoc claimed it carried out an analysis of its program and code and the programming problems have been resolved. Security procedures have already been toughened, regular security reviews will always be performed, and steps were done to strengthen those evaluations.
ZocDoc stated around 7,600 persons all over the United States have been impacted. As a preventative measure against identity theft and fraud, affected people were given a no-cost membership to the Experian IdentityWorks identity theft protection service for one year.
Cincinnati Parenting Center Announces Email Account Breaches
Beech Acres Parenting Center located in Cincinnati learned that an unauthorized individual got access to email accounts comprising client information. A digital forensics agency helped with the inquiry to find out the nature and total extent of the breach. The investigation revealed that an unauthorized person viewed the email accounts from December 29, 2020 to March 18, 2021.
An evaluation of the email messages and attachments in the breached accounts showed they covered sensitive client data which include names, birth dates, dates of service, provider names, client account numbers treatment, and clinical data and, for a part of persons, medical insurance details, Driver’s License Numbers And/or Social Security Numbers.
As soon as the breach was identified, all email accounts were kept secure. Devices and programs are being assessed and steps will be undertaken to strengthen security. The staff will likewise be re-trained on recognizing and getting rid of suspicious emails.
After the review has ended, impacted people will receive notices through mail. Persons who had their Social Security or driver’s license number possibly exposed will receive free credit tracking and identity protection services.