With all the big attacks on third-party vendors, it’s not surprising that some entities are reporting two or more breaches in a short period of time. Imagine360, LLC, is a self-funded health plan for employers. On or around January 30, Imagine360 identified unusual activity within Citrix, its third-party file-sharing platform. Imagine360 terminated access to the…
Category: Health Data
Murfreesboro Medical Clinic & SurgiCenter ransomware attack affected 559,000 patients (update1)
On May 6 and May 7, DataBreaches reported that the attack on Murfreesboro Medical Clinic & SurgiCenter (“MMC”) appeared to be the work of the ransomware group known as BianLian. On June 14, MMC issued an updated notice on their website, as noted by Daily News Journal. The news report reiterated that MMC refused to…
2,632 Medicaid members in Arizona being notified of data leak
A systems error involving the Arizona Health Care Cost Containment System (AHCCCS) resulted in 2,632 Health-e-Arizona Plus household accounts having their data accidentally exposed to others accessing the website. The breach was discovered on May 11, but had occurred earlier in the year. Name, addresses, and the last four digits of social security numbers were exposed…
ARx Patient Solutions and ARx Patient Solutions Pharmacy notify patients of a March, 2022 breach
ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, have issued a press release about a data breach affecting patient data. Their notice states, “It was determined that in March 2022, an employee email account was compromised and accessed by an unauthorized third party.” The types of patient information that may have been…
San Bernardino Sheriff’s Department update: can’t rule out that PII and PHI were accessed in ransomware attack
The Fontana Herald News alerts us to an update by the San Bernardino County Sheriff’s Department concerning the ransomware attack they experienced in early April. The county now states that they have been unable to determine definitively if personally identifiable information (PII) and protected health information (PHI) were accessed. From the county’s June 23 notice:…
Mount Desert Island Hospital notifies 24,180 patients of April network attack
On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there…