Data Breaches at ARx Patient Solutions, City of San Luis, Arizona Medicaid Agency, and Other Healthcare Providers

ARx Patient Solutions Reports Email Account Breach from 2022

ARx Patient Solutions, a healthcare provider based in Kansas, recently informed the Maine Attorney General of a security breach that affected 41,116 people, including those who used the ARx Patient Solutions Pharmacy.

In March 2022, an unauthorized person viewed the email account of an ARx Patient Solutions employee. A third-party cybersecurity company investigated the breach and confirmed that the following types of data were compromised: last name, first name, prescription details, patient account number, medical insurance account member number, medical insurance group number, physician’s name, and in certain limited instances, Social Security number. Many of the people affected were minors.

The investigation, which included dark web monitoring, has not found any evidence of misuse of the compromised information. ARx Patient Solutions stated that it has strengthened system security by using XDR threat monitoring programs, proactive vulnerability management systems, and active system scanning applications, and has made a substantial investment in its Security Operations department. Affected individuals were notified on June 30, 2023, and were offered an identity theft monitoring service for one year.

The City of San Luis Announces Email Breach Impacting 6,848 People

The City of San Luis in Arizona has identified unauthorized access to an employee's email account that contained the protected health information (PHI) of 6,848 people. Suspicious activity was discovered in the email account on March 7, 2023. The forensic investigation confirmed that the account was accessed without authorization from February 1, 2023 to February 23, 2023. The review of the email messages and attachments was completed on May 4, 2023. After validating contact details, the city sent notification letters. Affected individuals had at least one of the following exposed: name, driver’s license number, address, medical insurance details, medical data, birth date, and Social Security number.

Arizona Medicaid Agency Announces Medicaid Recipients’ PHI Exposure

The Arizona Health Care Cost Containment System (AHCCCS), the Medicaid agency in Arizona, has reported the exposure of the PHI of 2,632 Medicaid recipients. On May 11, 2023, AHCCCS identified a vulnerability on the e-Arizona website, specifically in the HEAplus system toolbar, which permitted access to sensitive data. The data compromised was limited to first and last names, the last four digits of Social Security numbers, and addresses. Security updates were implemented to prevent similar breaches from happening again, and the affected individuals were notified by mail on July 3, 2023.

Vitality Group Experiences MOVEit Data Breach

Vitality Group, a behavioral engagement platform provider based in Chicago, IL, experienced a data breach on May 30, 2023, when hackers exploited a zero-day vulnerability in the MOVEit file transfer application. Its IT security team detected the breach on June 1, 2023, and took immediate steps to stop further unauthorized access; nevertheless, within 2 hours, hackers got access to the server and the installed MOVEit application. They potentially stole sensitive information including names, birth dates, mailing addresses, email addresses, and Social Security numbers.

Those whose Social Security numbers were exposed received free credit monitoring and identity theft protection services for two years from Vitality Group. The number of clients affected is currently unclear, but one of them is AltaMed Health Services Corporation, based in Los Angeles, CA.

PHI of Over 24,000 Mount Desert Island Hospital Patients Exposed

Mount Desert Island Hospital in Bar Harbor, ME, has issued a press release concerning a security incident that was discovered on May 4, 2023. After detecting suspicious activity in its computer systems, the hospital launched an investigation, which confirmed that unauthorized individuals accessed selected parts of its system from April 28, 2023 to May 7, 2023.

A review of all files found on the breached sections of the network confirmed the exposure of PHI, including names, birth dates, addresses, driver’s license/state ID numbers, Social Security numbers, financial account details, medical record numbers, Medicaid or Medicare ID numbers, mental or physical treatment/condition details, diagnosis codes/data, admission/discharge dates, dates of service, prescription details, billing/claims data, personal representative/guardian names, and medical insurance details.

Third-party security professionals strengthened its systems, applied additional security measures, and reviewed its data protection policies and procedures. Free credit monitoring services were provided to the 24,180 affected people.

Data Breach at Advanced Medical Management Impacts 319,485 People

Advanced Medical Management LLC, a provider of operational, technical, and administrative healthcare management solutions to large physician organizations, federal agencies, and health plans, has recently reported that it experienced a cyberattack that resulted in the exposure and potential theft of the PHI of 319,485 individuals.

The forensic investigation confirmed that unauthorized persons gained access to portions of its system that were created and managed by third-party providers. The security breach was discovered on May 11, 2023, and the unauthorized access occurred from May 10, 2023 to May 13, 2023.

A review of all records on the breached systems confirmed that they included data such as names, addresses, email addresses, telephone numbers, birth dates, Social Security numbers, driver’s license numbers, and medical insurance data. Advanced Medical Management began mailing notification letters to affected individuals on June 29, 2023.

California Law Firm Reports Data Breach Impacting About 41,000 People

The law firm Orrick, Herrington & Sutcliffe LLP, based in San Francisco, CA, has just reported an intrusion into its IT environment and the compromise of the PHI of around 40,823 people. In a breach report sent to the Montana Attorney General, the law firm stated that a possible system attack was discovered on March 13, 2023, and that, according to the forensic investigation, unauthorized people had gained access to a part of its system that stored client files. Those files included names, addresses, dates of birth, and Social Security numbers. The investigation also confirmed that files were exfiltrated from its system on March 7, 2023.

The people affected by the attack include members of an unnamed vision health plan, which had engaged the law firm after the 2020 security breach. The law firm began mailing notification letters to affected individuals on June 30, 2023, and has offered them two years of free identity theft monitoring services. Because data was stolen during the attack, anybody receiving a letter should take advantage of the services being provided through Kroll. The law firm has confirmed that additional security measures were applied to prevent similar attacks in the future.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism.