Prestera Mental Health Center based in West Virginia began informing 2,152 individuals regarding a security breach affecting employee email accounts. On or about April 1, 2021, Prestera Center found out that a number of worker email accounts had been accessed with no authorization from August 2020 to September 2020.
Though unauthorized access was established, the center wasn’t able to know if any patient data was viewed or obtained.
A review was done to know the types of data that were found in the email accounts and which people were impacted. The types of information in the account were different for every individual and might have contained names, birth dates, addresses, Social Security numbers, state ID card numbers, financial account details, medical data, and health insurance data.
Upon uncovering the breach, immediate action was undertaken to safeguard the accounts to stop any more unauthorized access. Guidelines and procedures were since evaluated and modified, and supplemental safety measures were enforced to boost email security.
Notification letters were delivered to affected persons and a free TransUnion Interactive MyTrueIdentity credit monitoring service membership was given.
For the last few months, this is the second reported email account breach. On December 31, 2020, Prestera Center filed an email account breach report impacting patient names, dates of birth, medical record and/or patient account numbers, diagnostic details, healthcare provider details, medication and/or treatment data and, in some cases, addresses, social security numbers and Medicaid/Medicare ID numbers. It is not clear if these two occurrences are correlated.
Wisconsin Institute of Urology Reports PHI Potentially Exposed in Email Security Breach
Wisconsin Institute of Urology (WIU) has uncovered that an unauthorized individual viewed the email account of a worker. WIU was notified concerning the breach on or approximately May 26, 2021 when suspicious activity was observed in the email account. WIU quickly secured the account by modifying the password and started an investigation to find out the nature and scope of the breach.
It was established on June 9, 2021 that an unauthorized person had employed the employee’s information to view the account; nevertheless, no reports were obtained concerning any incidents of patient data misuse.
A time-consuming assessment was performed to determine all people whose protected health information (PHI) was included in email messages and attachments. That evaluation showed the email account held PHI like names, birth dates, medical treatment and/or medical diagnosis data, medical insurance details and, for certain people, Social Security numbers. It is at this time unknown how many persons were impacted.