Third-Party Data Breaches Impact Lexington Medical Center and CalViva Health

Wake Forest Baptist Health made an announcement that an unauthorized individual acquired access to the systems of Healthgrades Operating Co. Inc, its technology vendor between October 16 and October 28, 2020 and possibly viewed or obtained files with the protected health information (PHI) of some patients of Lexington Medical Center based in North Carolina.

The breach happened at Healthgrades Operating Co. Inc., which provided patient and community education about health concerns and medical assistance to the hospital. There is no mention regarding the particular nature of the breach.

There is no report received thus far that indicates the theft or misuse of any information. The types of PHI likely viewed include names, dates of birth, addresses, contact details, demographic data, medical treatment data, and Social Security numbers. The records contained PHI dated from mid-2010 to the middle of-2011.

Wake Forest Baptist Health has notified by mail all people whose PHI was possibly compromised in the attack on March 26, 2021 and offered credit monitoring and identity theft protection services for free.

It is unclear at this time how many persons were affected by the breach.

Accellion Ransomware Attack Impacted CalViva Health Members

The PHI of selected members of CalViva Health located in Fresno, CA was breached in a cyberattack that occurred at a third-party vendor. The people behind the ransomware attack may have accessed or copied sensitive data, though there are no signs at this point that any sensitive data were misused.

The provider was Health Net Community Solutions. Accellion, which provided its file transfer solution, suffered a ransomware attack resulting in the theft of customers’ files. The attackers got access to information in the solution from January 7 to January 25, 2021.

As is common in manual ransomware attacks, the attackers published a sample of the stolen data on its leak website to force the payment of ransom. It is not clear if any of that information is associated with CalViva Health members.

Since then, Health Net got all files associated with CalViva members from the file transfer system of Accellion and has now discontinued usage of Accellion’s file transfer services.

CalViva Health has notified all impacted members to keep track of their explanation of benefits statements and other reports for indications of fraudulent activity. As a safety measure against identity theft and fraud, CalViva Health provided all affected individuals a one-year membership to credit monitoring and identity theft services at no cost.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA