A Washington therapist, Robert S. Miller LICSW, ACSW (RSM), lately informed 640 present and past clients concerning a phishing attack that led to the compromise of some of their protected health information (PHI).
State regulations call for the sending of notifications to state attorneys general whenever there is a breach of the personal data of state citizens. The notices usually give the minimum details about privacy breaches, however, in this instance, the therapist described precisely how the phishing attack occurred.
RSM had bought antivirus software from the Iolo Software Company, and later bought an extra encryption software, which had vanished from his PC. RSM was called by an individual who professed to be an Iolo staff who stated he knew that RSM’s computer was hacked and asked for access to eliminate viruses and malware from the computer. Access to the gadget was allowed. RSM stated he found out this was a rip-off when the worker asked for eBay cards valued at $300.
Because of this occurrence, that person got access to the computer between December 2 and December 4, 2022, and possibly acquired files that contain names, birth dates, mailing, and email addresses, telephone numbers, health insurance ID numbers, and clinical details, which involved assessments, progress information, mental health ranking scales, and words.
Based on this occurrence, RSM has undertaken a number of steps to avoid the same occurrences later on, which include using encryption technologies, setting strong passwords, and having a third-party software organization examine computers and eliminate any malware that could have been put in. Impacted clients were provided free identity theft protection services.
MJ Care Submites Email Account Breach Report
MJ Care based in New Berlin, WI offers rehabilitation and health services. It just informed 1,832 patients that their PHI was likely accessed or acquired by an unauthorized person. MJ Care didn’t say when the breach was discovered; nevertheless, the investigation showed the email account was viewed from May 31, 2022, up to June 24, 2022.
The analysis of the impacted email account ended on November 2, 2022, and affirmed the inclusion of patient names together with at least one of these types of data: Social Security numbers, birth dates, financial account details, credit/debit card data, biometric information, service dates, treatment/diagnosis data, names of provider, medical record numbers, patient numbers, medications, frequent medical data, and/or medical insurance policy data. Notifications had been delivered to impacted persons on December 29, 2022. Free credit monitoring services were provided to patients who had their Social Security numbers exposed.