Dental Care Alliance, LLC based in Sarasota, FL, a dental support provider with more than 320 affiliated dental practices in 20 states, was hacked and potentially compromising the protected health information (PHI) of over a million people. The breach happened on September 18, 2020, but it was discovered on October 11, and was managed on October 13.
The breach investigation did not find any evidence to show that the attackers obtained or misused patient information. An analysis of the systems the attackers accessed revealed they held names, addresses, dentists’ names, diagnoses, treatment data, billing details, patient account numbers, health insurance data, and bank account numbers of about 10% of affected persons.
Dental Care Alliance sent breach notification letters to the 1,004,304 impacted people in November.
Email Breach at Legacy Community Health Services Impacts 3,076 Patients
Legacy Community Health Services (LCHS) located in Texas is sending notifications to 3,076 persons that some of their protected health information contained in an email account was possibly accessed by an unauthorized individual. LCHS noticed the unauthorized login to a worker’s email account on July 24, 2020 and performed a password reset on the same day.
A third-party cybersecurity company helped investigate the breach and finished the review of the compromised on September 22, 2020. As per the evaluation, the account stored patient names and limited clinical details related to care acquired and the driver’s license number of one patient. There is no proof of misuse of patient information. Legacy mailed breach notifications to the 3,076 patients on November 20, 2020.
This is the third email breach LCHS reported in 2020. One email account breach occurred in September and affected 228,000 individuals. Another breach happened in June 2020 and impacted 19,000 people.
Unauthorized Medical Record Access at Hillcrest Nursing Center
Hillcrest Nursing Center based in Round Lake Beach, IL has found out that an unauthorized person potentially viewed the PHI of certain residents.
On or around August 4, 2020, one of the staff physicians of Hillcrest Nursing Center was terminated. On August 23, 2020, some family members of residents informed Hillcrest that they received a phone call from the fired physician and discussed care and treatment. Hillcrest investigated the incident and learned that the doctor still could access the Hillcrest medical record system.
Hillcrest revoked the doctor’s login immediately and reviewed which records were potentially accessed. The review was done on October 9, 2020, which confirmed that the dismissed physician accessed 1,030 records which had data including names, Social Security numbers, insurance data, medical histories, and treatment data.
Hillcrest already notified all affected people and provided complimentary identity theft restoration and credit monitoring services. Now, a new policy is being implemented that immediately revokes access to the electronic medical record system when employees are dismissed or leave employment.