PHI Exposed Due to Data Breaches at Benson Health, AllOne Health and Southwest Health Center

Benson Health in North Carolina has lately begun informing 28,913 individuals about the potential access or acquisition of their protected health information (PHI) during a cyberattack discovered on May 5, 2021. Benson Health stated it launched an investigation immediately after discovering the breach, and an expert cybersecurity and data privacy law agency and third-party forensic professionals helped with the investigation. The findings of the investigation confirmed that the attacker potentially accessed and stole a data set.

Data mining specialists were involved to conduct a thorough evaluation of the impacted data, which affirmed on July 7, 2022, that the data set contained names, dates of birth, Social Security numbers, and medical and treatment data.

Benson Health sent notification letters to impacted persons on July 12, 2021, over 14 months after the initial discovery of the data breach. Impacted persons also received offers of free Credit Monitoring, Credit Report and Credit Score services from Single Bureau for 12 months.

Business Email Compromise Attack on AllOne Health

AllOne Health based in Wilkes-Barre, PA, a physical and mental health services provider in workplaces, lately reported that an unauthorized third party accessed an employee’s email account. In February 2022, the breach was discovered when wire transfers to intended payees were found to have been sent to a bank account that is fraudulently created. The incident investigation showed the compromise of an employee’s email account, which was employed for a business email compromise attack that requests fake transfers. A forensic analysis was performed afterward to find out whether the account contained any patient data.

AllOne Health mentioned the email account held the PHI of 13,669 persons, such as names, addresses, birth dates, Social Security numbers, driver’s license numbers, and some medical data. Though that data might have been accessed or stolen, the objective of the attack was to make fake wire transfers. Minimal financial records were viewed as part of the fraud, however, there was no proof that indicates the scammer viewed or acquired any patient information.

AllOne Health stated all organization passwords had been reset upon discovery of the attack, and extra safety measures had been enforced on its systems to avoid other email account breaches. The company offered the affected persons a complimentary membership to identity protection and credit monitoring services by Epiq for 12 months.

PHI of Over 46,000 Individuals Exposed in Data Breach at Southwest Health Center

Southwest Health Center based in Platteville, WI lately reported that unauthorized persons accessed or obtained the PHI of 46,142 patients.

Southwest Health Center discovered suspicious activity inside its system on January 11, 2022. The forensic investigation confirmed that unauthorized persons acquired access to folders containing patient data and extracted selected files from its systems. A thorough evaluation of the files was done on May 27, 2022, which revealed the inclusion of patient data like names, birth dates, clinical and treatment data, and Social Security numbers in the files. Issuance of notification letters to impacted persons was delayed because of the long process of identifying present address details for those persons.

Southwest Health Center mailed notification letters to impacted persons on July 5, 2022, and has provided free credit monitoring and identity theft restoration services via IDX for 12 months.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at