Each week, I post some articles on this site about breaches involving protected health information or medical information, but there are usually other reports that just get entered on my worksheets for analysis for Protenus. To give you a taste of how many more incidents we record but not necessarily post in a week, I thought I’d list some recent ones involving patient information that did not originally show up on this site:
La Clinica de la Raza:
On January 28, 2021, La Clinica became aware that malware had been deployed on certain La Clinica systems which store information, including personal information, for the organization…. La Clinica’s ongoing investigation has determined that unauthorized access to the affected systems occurred, and ended, on January 12, 2021…. [Information] may have included some of the following information: your full name, date of birth, phone number, home address, health insurance information, and certain
health information such as dates of service, diagnosis, test results, and treatment information related to care received at La Clinica.
Read their full notification on the California Attorney General’s web site.
Cornerstone Municipal Advisory Group d/b/a Manquen Vance:
Cornerstone Municipal Advisory Group d/b/a Manquen Vance (“Manquen Vance”) is providing notice of a recent incident that may impact the privacy of personal and/or health information. Manquen Vance began sending letters to potentially affected individuals on April 2, 2021. Manquen Vance is a group health plan broker and consultant, specializing in municipal clients in Michigan.
What Happened? On November 16, 2020, Manquen Vance discovered suspicious activity relating to an employee’s email account. Manquen Vance immediately changed the account credentials and began an investigation to determine the full nature and scope of the incident. The investigation determined that unauthorized access to the email account occurred between November 1, 2020 and November 16, 2020; however, the forensic investigation did not identify access to specific emails and/or attachments.
What Information Was Involved? The analysis of the email account determined that members names, Social Security Numbers and health insurance.
Read their full Press Relase.
Squirrel Hill Health Center:
What Happened? On >February 4, 2021, Squirrel Hill became aware of suspicious activity on its computer network. Squirrel Hill immediately launched an investigation, with the assistance of third-party computer forensic specialists, and determined that its network had been infected with malware which prevented access to certain files on the system…. The activity occurred between January 28, 2021 and February 4, 2021.
What Information Was Involved? The information contained within the files at issue varied by individual but contained names, addresses, limited appointment scheduling details, dates of birth, diagnostic codes, and Social Security numbers for a small number of individuals.
Read their full Press Release.
Epilepsy Florida:
Epilepsy Florida first disclosed that some of its patients had information caught up in the Blackbaud ransomware incident last year. You can read their explanation as to the timeline and type of information in their substitute notice.
Woolfson Eye Institute:
On September 21, 2020, the Woolfson Eye Institute (“Woolfson”) learned that a laptop that was connected to testing equipment and storing a patient database was stolen earlier that day. The information stored in the patient database on the laptop included patient names and dates of birth only.
Read their full notice on their site.
TriHealth:
TriHealth was notified in February by the law firm of Bricker & Eckler that a ransomware attack on the law firm had impacted some TriHealth employees and patients.
You can read their notice on their web site.