PHI Exposure Due to Unlimited Care Nonstop Administration and Insurance Services Cyberattack

The home healthcare provider based in White Plains, NY, Unlimited Care Inc., suffered a cyberattack that disrupted its system on February 16, 2023. Unlimited Care hired a third-party cybersecurity company to investigate the incident and find out the nature and extent of the attack. Though the investigation is not yet finished, around March 21, 2023, the cybersecurity team confirmed that unauthorized persons got access to sections of its system that stored sensitive information. The attackers potentially viewed or acquired the information.

The exposed data included the names of employees, addresses, dates of birth, and Social Security numbers. Unlimited Care reported the breach to the Maine Attorney General indicating that around 29,066 persons were affected. Those affected individuals received free identity theft protection services.

Unlimited Care stated it conducted a global password reset, has started geo-fencing for non-U.S. email messages, has installed the Carbon Black endpoint detection and response tool, blocked all non-U.S. IP address connections, will be restricting VPN access to certain employees, and has improved its AV software program.

Unauthorized Data Access at Nonstop Administration and Insurance Services

Nonstop Administration and Insurance Services (NAIS), a provider of health insurance benefits administration services for employer groups, recently reported the exposure of the protected health information (PHI) of employees of its customers. An unknown party contacted NAIS on December 22, 2022 and claimed to have gotten access to its company information. NAIS launched an investigation to confirm that claim. It was confirmed that an unauthorized person got access to a cloud services platform for a brief period of time on December 22, 2022. That platform contained the information of its client’s employees.

The attacker accessed information that was different from one individual to another. The exposed information included name, birth date, gender, telephone number, address, email address, Social Security number, health treatment/diagnosis data, and medical insurance company, claims, and billing data. The affected individuals received free credit monitoring and identity theft protection services. NAIS reported the breach to the HHS’ Office for Civil Rights indicating that up to 8,571 persons were affected.

BlackCat Ransomware Attack on Lehigh Valley Health Network

Lehigh Valley Health Network (LVHN) recently told in a court filing that it suffered a BlackCat ransomware attack last February 2023. The attackers acquired access to patient data with sensitive pictures of about 2,760 patients.

LVHN stated the attackers exfiltrated data and demanded a $5 million ransom payment in exchange for not publishing the stolen information. LVHN did not pay the ransom and so the attackers leaked sensitive information on the dark web, including the photographs of patients. The attack targeted Delta Medix, the network support acquired by LVHN in 2021.

The data disclosure resulted in a class action lawsuit filed from the Lackawanna County Court to the U.S. District Court against LVHN. The investigation is not yet done and LVHN is still identifying all impacted persons. So far, the investigation confirmed that the attackers got the data of 2760 patients. The pictures were clinically appropriate and contained nude patient images from the waist up.

21K Iowan Medicaid Recipients Affected by ILS Data Breach

The Iowa Department of Health and Human Services (DHHS) has reported the exposure of the personal data of 20,800 Iowans with Medicaid benefits during a cyberattack that occurred at a subcontractor of one of its business associates from June 30, 2022 to July 5, 2022.

Telligen conducts yearly evaluations on Medicaid recipients for the Iowa DHSS. Telligen hired the services of Independent Living Systems (ILS) to do part of the work. The breach impacted the systems of ILS. Though ILS detected the breach in July 2022, it only notified Telligen about the breach on February 14, 2023. Telligen informed Iowa DHSS after three days on February 17, 2023. The DHSS is going to send notification letters to the impacted persons in the next couple of days.

Independent Living Systems submitted the breach report to the HHS’ Office for Civil Rights. It included a 501 placeholder because the number of impacted persons is not yet determined; nevertheless, the breach report sent to the Maine Attorney General indicated that over 4 million people were affected.

Hacking Incident at Retina & Vitreous of Texas

Retina & Vitreous of Texas, an ophthalmology clinic in Houston, submitted a hacking incident report that affected 35,766 existing and old patients. It detected suspicious activity in its network on February 1, 2023. On February 15, 2023, it was confirmed that unauthorized persons gained access to sections of its system that contain patient data, which the attacker could have viewed or stolen.

The analysis of the impacted files was done on March 21, 2023. It was confirmed that the files included names, addresses, diagnoses and treatment data, insurance carrier details, and insurance subscriber ID numbers. The clinic mailed the notification letters to impacted persons on April 10, 2023.

16,000 Individuals Affected by Southwest Healthcare Services Hacking Incident

Southwest Healthcare Services based in Bowman, ND reported that hackers got access to its system from October 22 to October 29, 2022, and viewed or stole files with patient data. The analysis of the impacted files was done on January 31, 2023. Southwest Healthcare Services sent notification letters to the impacted persons on March 31, 2023.

Southwest Healthcare Services stated that the breached data included names, birth dates, addresses, medical record numbers, internal ID  numbers, driver’s license numbers, state ID numbers, clinical and treatment data, and medical insurance data. A limited number of people also had their Social Security numbers, financial data, and/or payment card details affected.

Those who had their Social Security numbers affected received free credit monitoring services. The breach report submitted to the HHS’ Office for Civil Rights indicated that 15,996 persons were affected.

Stanford University Employee Data Affected by Brightline Medical Associates Breach

Stanford University has reported the theft of the personal data of some employees during a hacking and data theft incident that occurred at Brightline Medical Associates. Brightline provides virtual behavioral and mental health services to the children of employees eligible for such benefits as well as postdoctoral students throughout Stanford’s health plans.

Brightline utilized Fortra’s GoAnywhere Managed File Transfer (MFT) tool. The Clop ransomware group hacked Fortra on January 30, 2023. The group did not deploy ransomware, but stole the files. The Stanford University information only included those belonging to covered persons with dependents below 18 years old and was generally restricted to demographic information like subscriber and dependent names, contact details, member IDs, dates of birth, and coverage start and end dates. There was no data associated with healthcare services, medical conditions, diagnoses, or claims that were impacted. Affected persons will receive notification and an offer for 2 years of free identity theft and credit monitoring services. It is presently not clear how many people were affected by the breach.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at