PHI of Washington Therapist’s Patients Exposed Due to Phishing Attack

A Washington therapist, Robert S. Miller LICSW, ACSW (RSM), lately informed 640 present and past clients concerning a phishing attack that led to the compromise of some of their protected health information (PHI).

State regulations call for the sending of notifications to state attorneys general whenever there is a breach of the personal data of state citizens. The notices usually give the minimum details about privacy breaches, however, in this instance, the therapist described precisely how the phishing attack occurred.

RSM had bought antivirus software from the Iolo Software Company, and later bought an extra encryption software, which had vanished from his PC. RSM was called by an individual who professed to be an Iolo staff who stated he knew that RSM’s computer was hacked and asked for access to eliminate viruses and malware from the computer. Access to the gadget was allowed. RSM stated he found out this was a rip-off when the worker asked for eBay cards valued at $300.

Because of this occurrence, that person got access to the computer between December 2 and December 4, 2022, and possibly acquired files that contain names, birth dates, mailing, and email addresses, telephone numbers, health insurance ID numbers, and clinical details, which involved assessments, progress information, mental health ranking scales, and words.

Based on this occurrence, RSM has undertaken a number of steps to avoid the same occurrences later on, which include using encryption technologies, setting strong passwords, and having a third-party software organization examine computers and eliminate any malware that could have been put in. Impacted clients were provided free identity theft protection services.

MJ Care Submites Email Account Breach Report

MJ Care based in New Berlin, WI offers rehabilitation and health services. It just informed 1,832 patients that their PHI was likely accessed or acquired by an unauthorized person. MJ Care didn’t say when the breach was discovered; nevertheless, the investigation showed the email account was viewed from May 31, 2022, up to June 24, 2022.

The analysis of the impacted email account ended on November 2, 2022, and affirmed the inclusion of patient names together with at least one of these types of data: Social Security numbers, birth dates, financial account details, credit/debit card data, biometric information, service dates, treatment/diagnosis data, names of provider, medical record numbers, patient numbers, medications, frequent medical data, and/or medical insurance policy data. Notifications had been delivered to impacted persons on December 29, 2022. Free credit monitoring services were provided to patients who had their Social Security numbers exposed.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone