Lifespire Services located in New York provides people with developmental handicaps healthcare services. The company initially reported a security incident in April 2022 and now has an additional update. The incident that disrupted Lifespire Services’ computer systems was detected on February 8, 2022. With the help of a digital forensics company, Lifespire confirmed that unauthorized individuals got access to its systems from January 14, 2022 up to February 8, 2022, and potentially viewed patient information during that time.
On October 7, 2022, Lifespire finished the comprehensive analysis on all files found on the breached sections of its system. It was confirmed that the 15,375 individuals’ protected health information (PHI) was exposed. The following PHI was compromised: names, birth dates, addresses, passport numbers, Social Security numbers, driver’s license numbers, credit card data, bank account information, medical diagnosis/treatment information, medical insurance details, and Medicaid/Medicare numbers.
Lifespire Services mentioned it didn’t get any report of misuse of patient information. Nonetheless, it provided the affected individuals with free credit monitoring and identity protection services membership. Due to the data breach, the company updated its guidelines and procedures linked to network security.
Lifespire Services took a couple of weeks or months to finish the investigation into the data breaches and the analysis of breached files. Notifications regarding the attack were sent to patients in April, despite the fact that the review of files is not finished yet. The HIPAA Breach Notification Law requires HIPAA-covered entities to issue breach notifications without delay. It is critical for patients to know right away when there’s an incident involving their data so they can take immediate action to protect themselves against fraud or misuse of their information. Numerous healthcare organizations put off sending breach announcements until the analysis of files is completed. That procedure, however, can take a couple of months after the breach incident and the theft of patient data may already occur.
Presbyterian Healthcare Services Patient Data Possibly Exposed in Phishing Attack
Presbyterian Healthcare Services based in Albuquerque, NM just announced that an unauthorized third party accessed an employee’s email account where the PHI of 2,624 patients was kept. The breach happened as a result of the employee responding to a phishing email.
The provider discovered the security breach on July 8, 2022, and the succeeding investigation confirmed intermittent access to one email account from March 21, 2022 to July 8, 2022. An analysis of the email account showed that there was no financial data exposed. Nonetheless, the following information may have been accessed: names, birth dates, Social Security numbers, medical insurance data, medical record numbers, and some clinical data associated with payment, for example, treatment data and diagnosis codes.
The analysis of the account is in progress, however, Presbyterian Healthcare Services has begun sending notification letters to impacted persons. Free credit monitoring and identity theft protection services were provided to patients who had their Social Security numbers compromised. Employees received extra security awareness training and improvements to email security were implemented.
This is not Presbyterian Healthcare Services’ first reported breach incident. In August 2019, the provider reported a serious email breach that impacted 1,120,629 individuals. After over a year, the provider also reported a hacking incident that exposed the PHI of 193,223 individuals.