Third-Party Data Breaches Affect Lexington Medical Center and CalViva Health

Wake Forest Baptist Health reported that an unauthorized person obtained access to the networks of Healthgrades Operating Co. Inc, its technology vendor from October 16 to October 28, 2020 and likely viewed or grabbed files that contain the protected health information (PHI) of a number of patients of Lexington Medical Center based in North Carolina.

The breach took place at Healthgrades Operating Co. Inc., which offered patient and community learning about health issues and medical offerings to the hospital. There is no statement regarding the precise nature of the breach.

There is no report obtained so far that suggests the theft or improper use of any data. The types of PHI possibly breached include names, birth dates, addresses, contact details, demographic data, medical treatment details, and Social Security numbers. The documents included PHI with dates from mid-2010 up to the middle of-2011.

Wake Forest Baptist Health mailed notifications to all persons whose PHI was likely compromised in the attack on March 26, 2021 and offered credit monitoring and identity theft protection services at no cost.

It is uncertain at the moment how many people were impacted by the incident.

Accellion Ransomware Attack Affected CalViva Health Members

The PHI of some members of CalViva Health located in Fresno, CA was breached in a cyberattack that happened at a third-party vendor. The persons responsible for the attack may have viewed or obtained sensitive information, even though there are no hints at this time that any sensitive information was improperly used.

The provider was Health Net Community Solutions. Accellion, which supplied its file transfer solution, experienced a ransomware attack causing the stealing of customers’ records. The hackers acquired access to data in the solution between January 7 and January 25, 2021.

As is usual in manual ransomware attacks, the attackers exposed a part of the stolen information on its leak webpage to compel ransom payment. It is uncertain if any of that data pertains to CalViva Health members.

Since that time, Health Net took all files concerning CalViva members from the file transfer system of Accellion and has already ceased utilizing Accellion’s file transfer solutions.

CalViva Health has informed all affected members to keep an eye on their explanation of benefits statements and other documents for clues of fraudulent transactions. As a preventative measure against identity theft and fraud, CalViva Health provided all impacted persons with a 12-month membership to credit monitoring and identity theft services for free.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at