Nevada Health Centers is notifying an unspecified number of patients after discovering an unauthorized person accessed an employee’s email account between November 20 and December 7. They do not think the motivation was to obtain ePHI as much as financial information about NHC, but with all the “potentially” kind of language, it will be hard for patients to assess their risk of harm. It’s not even clear whether NHC knows for sure whether any patient data was (1) accessed and (2) exfiltrated.
More than 36,000 UPMC patients might have had personal data accessed after a security breach at Charles J. Hilton and Associates, a firm that provides billing-related legal services to the health system. The firm reported that hackers accessed employees’ email accounts between April 1 and June 25 of 2020. UPMC Health Plan just reported this breach to HHS as impacting 19,000 patients. UPMC’s statement on the breach can be found on their web site.
Update: On Feb. 12, HHS added a second report from UPMC to their web site. This one, not from the Health Plan, reported 36,086 patients impacted.