87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack
On October 10, 2023, Cogdell Memorial Hospital based in Snyder, TX, found abnormal activity in its computer network. After securing its network, a third-party cybersecurity agency looked into the breach. The investigation revealed unauthorized access to its computer systems, and files that included patients’ PHI were likely accessed or obtained. The analysis of impacted files was completed on January 17, 2024, and 86,981 people were found to have been impacted by the incident. Compromised information includes names, birth dates, addresses, medical treatment details, medical record numbers, and Social Security numbers.
Those persons were sent notifications through the mail and instructed to continue to be wary of identity theft and fraud. Cogdell Memorial Hospital reported it is strengthening system security and examining its present policies and protocols linked to data security. It appears that no credit monitoring and identity theft protection services were provided.
Ransomware Attack on MedQ, Inc.
Administrative services provider to HIPAA-regulated entities, MedQ, Inc., suffered a ransomware attack on or about December 26, 2023. Several servers utilized by the MedQ system and hosted on a third-party program had been encrypted in the incident. The forensic investigation affirmed the exfiltration of files from the servers before being encrypted from December 20 to December 26, 2023.
Those files included names, dates of birth, driver’s License numbers, Social Security numbers, subscriber ID numbers, medical data, diagnoses, laboratory data, medicines, other treatment details, health insurance and claim data, names of providers, and treatment dates. Extra measures have been enforced to better secure and check its systems. Affected people were given free credit monitoring and identity theft protection services. The breach report was sent to the HHS’ Office for Civil Rights stating that 54,725 individuals were affected.
9,013 People Impacted by the Hospice of Huntington Data Breach
Hospice of Huntington located in West Virginia has alerted 9,013 persons regarding the compromise of their protected health information (PHI) during a security incident on August 28, 2023. The forensic investigation and data assessment were finished on December 18, 2023, and showed that files were taken from its network on August 25, 2023.
Those files comprised names, driver’s license numbers, Social Security numbers or state ID numbers, birth dates, health details, and medical insurance data. Hospice of Huntington mentioned it did not come across any proof that indicate actual or attempted improper use of the stolen data and mailed notifications to impacted persons. Credit monitoring services were provided to persons whose Social Security numbers were affected.
2,324 Individuals Affected by Santa Clarita Community College District Data Breach
Santa Clarita Community College District has reported the compromise of the PHI of 2,324 people during a data breach at consulting and brokerage firm Keenan & Associates in Torrance, its business associate.
On August 27, 2023, Keenan & Associates discovered an attack upon noticing issues on its network servers. The forensic investigation affirmed that unauthorized systems access occurred from August 21, 2023 to August 27, 2023. At this time, files were extracted from its network. Those files included names, medical insurance data, and Social Security numbers. Keenan & Associates is informing the impacted people and has provided free credit monitoring and identity theft protection services for 24 months.
1,000 Individuals Affected by Mental Health Center of North Central Alabama Data Breach
The Mental Health Center of North Central Alabama, Inc. has informed 1,000 persons about the unauthorized access to their PHI. The provider detected the breach on December 19, 2023. Although the investigation is still in progress, it was affirmed that there was unauthorized access to selected systems for a short time in December 2023.
The types of data compromised in the incident differed from one person to another and possibly included names along with at least one of these data: address, date of birth, admission and discharge date, date of death, name of provider or facility, medical record number, medical problem, diagnosis and/or treatment data, laboratory results, prescription drugs, payment amount, history data, insurance payment amount details, date of service, financial account details, credit card number, medical data, medical insurance details, Social Security number, driver’s license or state ID number, and any personal data that was generated, used, or shared during the provision of health care services.
The Mental Health Center of North Central Alabama stated technical safety measures, including relevant HIPAA training, are being updated to avoid the same incidents later. It seems that no credit monitoring and identity theft protection services were offered.
