Allaire Healthcare Group and Platinum Hospitalists have lately reported that an unauthorized individual has acquired access to the email account of a worker and likely viewed or duplicated patient information.
PHI Likely Exposed Because of Email Account Breach at Allaire Healthcare Group
Allaire Healthcare Group located in Freehold, NJ operates five residential healthcare centers in the tri-state vicinity that offer dementia care, subacute care, and respite care. It found out that an unauthorized person has obtained access to one employee’s email account. The group detected suspicious activity in the worker’s email account on November 24, 2021. It took fast action to protect the account along with its email system and to avert continuing unauthorized access.
The forensic investigation affirmed that the breach just impacted one email account, which the unauthorized individual accessed between November 10, 2021 and November 24, 2021. An automated and manual evaluation of the affected email account was finished on March 18, 2022. The analysis showed that the email account comprised the protected health information (PHI) of 13,148 persons, which include first and last names, Allaire-issued unique client identifier numbers, Social Security numbers, driver’s license numbers, passport numbers, payment card details, financial account numbers, details about medical backgrounds, treatment/diagnosis data, prescription details, and/or medical insurance details.
The forensic investigation didn’t uncover any proof that indicates the viewing or downloading of any of that information. There are no reports acquired regarding any cases of actual or attempted misuse of the data.
Platinum Hospitalists Detect Phishing Attack and Security Breach
Platinum Hospitalists lately commenced informing 6,000 individuals regarding the likely exposure of some of their PHI. On March 29, 2022, Platinum Hospitalists learned that an unauthorized person viewed an email account. The investigation confirmed that the employee’s credentials were stolen after clicking on a phishing email. The breach merely impacted a single email account. An evaluation of the account revealed that it included individually identifiable PHI.
Platinum Hospitalists reported that patient information is encrypted whenever it is transmitted externally, such as through email, nevertheless, the nature of the attack suggested the data in the account may have been accessed and extracted in a readable format. The investigation cannot determine the particular data that was exposed, however, the following kinds of data were found in the email account: patient names, birth dates, dates of service, diagnosis and procedure codes, patient account numbers, medical record numbers, insurance ID numbers, and invoiced amounts. There is no exposure of Social Security numbers.
The records mostly associated with patients who were insured by Humana and obtained health care services from Platinum companies at acute hospitals and other medical services in the Las Vegas area between approximately October 2018 and March 2022.