In addition to a breach reported by Renaissance, two other breaches involving protected health information were disclosed yesterday. Here’s what you might want to know about those:
Cayuga Medical Center
We are still first learning about some victims of the Accellion data breach that took place back in December and January when threat actors exploited a number of vulnerabilities in the firm’s old file transfer platform.
This month, we are seeing reports that some entities were notified by Guidehouse, a third-party insurance claims billing service that some covered entities use.
In this case, Cayuga Medical Center reports that they were notified in May by Guidehouse, who had been notified in March by Accellion of the breach in January.
60 days here. 60 days there. It all adds up to slow notifications of breaches.
Wisconsin Institute of Urology
Elsewhere, the Wisconsin Institute of Urology issued a press release about a breach of protected health information that was the result of a compromised employee email account. WIU discovered suspicious activity on May 26, but it was not until June 9 that they confirmed unauthorized access to the account and could begin to determine what was in it and who might need to be notified.
You can read their press release here. This incident does not appear on HHS’s public breach tool at the time of this publication, so we do not know how many patients are being notified.