235,000 People Impacted by Data Breach at Yakima Valley Radiology
Yakima Valley Radiology in Washington recently informed 235,249 people about unauthorized access to some patient information. The company discovered the breach on August 18, 2023, and third-party forensics professionals investigated the breach.
Yakima Valley Radiology reported that an email account was compromised and described its effort to determine what data the account contained. It was confirmed on January 31, 2024, that the compromised data involved names and Social Security numbers. The company mailed notification letters to the impacted persons, who were offered a free membership to Single Bureau Credit Monitoring/Single Bureau Credit Score/Single Bureau Credit Report services.
Employee Benefits Corporation of America and Benefit Design Group Data Breach Impacts 39,912 Employees
Employee Benefits Corporation of America and Benefit Design Group, Inc. have announced a breach of the protected health information (PHI) of 38,912 staff members. The Department of Homeland Security advised the Virginia Farm Bureau (VFB) on or around October 11, 2022 about a legitimate tip that a breach impacted VFB as well as its affiliated organizations. The investigation confirmed the compromise of one workstation. The impacted user account was deactivated to stop ongoing unauthorized access.
On October 16, 2022, VFB discovered that ransomware had encrypted data on its systems. The following data were potentially compromised in that attack: names, Social Security numbers, driver’s license numbers, and financial account information belonging to people who obtained services from VFB or who are current or former workers.
The affiliated organizations impacted were Countryway Insurance Company, Virginia Farm Bureau Mutual Insurance Company, the Health Care Consultants division of Farm Bureau Service Corporation, Custom Health Care, Inc., Benefit Design Group, Inc., and Employee Benefits Corporation of America. Impacted persons were provided free credit monitoring services. VFB did not explain the reason for the delay in issuing notifications.
3,954 Persons Affected by Lena Pope Home Inc. Email Breach
Lena Pope Home Inc., based in Texas, discovered unauthorized activity impacting the email account of an employee on September 30, 2023. A forensic investigation revealed that the unauthorized activity only affected one account. A review of the email account confirmed that it contained the PHI of 3,954 persons, including names, phone numbers, email addresses, birth dates, some types of personal health data, and medical insurance policy numbers.
Lena Pope Home posted a substitute breach notification on its website on October 2, 2023, and sent notification letters to the impacted individuals through email. Lena Pope Home stated that it has improved its technical safety measures, implemented geo-IP blocking for Office 365 and multifactor authentication, and given staff members extra security awareness training. Impacted persons were instructed to remain vigilant against identity theft and fraud.
87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack
On October 10, 2023, Cogdell Memorial Hospital, based in Snyder, TX, discovered unusual activity in its computer systems. After the hospital secured its network, a third-party cybersecurity company investigated the breach. The investigation revealed unauthorized access to the hospital's computer network, and files that contained patients’ PHI were potentially viewed or stolen. The evaluation of the breached files was finished on January 17, 2024, and 86,981 persons were confirmed to have been affected by the incident. Breached data include names, dates of birth, addresses, medical treatment data, medical record numbers, and Social Security numbers.
Those people were sent notification letters by mail and advised to stay cautious against identity theft and fraud. Cogdell Memorial Hospital mentioned it is enhancing system security and updating its current guidelines and procedures associated with data security. It seems that no credit monitoring and identity theft protection services were offered.
MedQ, Inc. Ransomware Attack
MedQ, Inc., an administrative services provider to HIPAA-covered entities, experienced a ransomware attack on or around December 26, 2023. A few servers used by the MedQ platform and hosted on a third-party system were encrypted in the attack. The forensic investigation confirmed that files were stolen from the servers before encryption, from December 20 to December 26, 2023.
Those files included names, birth dates, driver’s license numbers, Social Security numbers, subscriber ID numbers, health details, diagnoses, lab results, prescription drugs, other treatment data, health insurance and claim details, provider names, and dates of treatment. MedQ has put supplemental measures in place to better safeguard and monitor its systems. Affected persons were given complimentary credit monitoring and identity theft protection services. The breach report submitted to the HHS’ Office for Civil Rights indicated that 54,725 individuals were impacted.
9,013 Individuals Impacted by the Hospice of Huntington Data Breach
Hospice of Huntington, based in West Virginia, has informed 9,013 people about the exposure of their protected health information (PHI) during a security incident on August 28, 2023. The forensic investigation and file evaluation were completed on December 18, 2023, and revealed that files were extracted from its systems on August 25, 2023.
Those files comprised names, driver’s license numbers, Social Security numbers or state identification numbers, dates of birth, medical data, and medical insurance details. Hospice of Huntington stated that it did not find any evidence suggesting actual or attempted misuse of the stolen information and sent notifications to affected persons. Credit monitoring services were provided to those whose Social Security numbers were stolen.