Data Breaches at Parker-Hannifin, Vail Health, Behavioral Health Partners of Metrowest

Parker-Hannifin Cyberattack Affects About 120,000 Health Plan Members

Parker-Hannifin Corporation based in Cleveland, OH, a company offering motion and control technologies, lately announced that unauthorized people have obtained access to a section of its IT systems and potentially have acquired files that contain the sensitive records of current and past employees, their dependents, and other persons associated with the organization.

Suspicious activity was discovered within its IT environment on March 14, 2022. The forensic investigation affirmed the access of its systems by unauthorized people from March 11, 2022 to March 14, 2022. A thorough evaluation of the affected files confirmed they comprised information such as names, dates of birth, addresses, driver’s license numbers, passport numbers, Social Security numbers, financial account details like bank account and routing numbers, and online account usernames and passwords. Current and previous Parker Group Health Plan members, those of a health plan sponsored by an entity obtained by Parker, may likewise have had their enrollment data breached, which includes medical insurance plan member ID number as well as dates of coverage.

The breach report was sent to the HHS’ Office for Civil Rights indicating that 119,513 group health plan members were impacted. Affected individuals have been advised and given a complimentary membership to Experian’s IdentityWorks identity theft protection and resolution services for 2 years.

Data Theft Incident Reported by Behavioral Health Partners of Metrowest

Behavioral Health Partners of Metrowest (BHPMW) located in Framingham, MA has informed 11,288 persons that unauthorized individuals copied some of their protected health information (PHI) from its systems. BHPMW became aware of the data breach on October 1, 2022 when the forensic investigation affirmed that the unauthorized individual gained access to its systems and copied information on September 14 and September 18, 2021.

The stolen data is linked to the Behavioral Health Community Partner Program which BHPMW runs under contract with MassHealth, in partnership with the Spectrum Health Systems, Family Continuity, SMOC, Advocates, Wayside Youth and Family Support provider organizations and involved names, birth dates, Social Security numbers, addresses, client identification numbers, health insurance details, and medical diagnosis/treatment data. BHPMW is not aware of any actual or attempted misuse of the stolen details.

Notification letters were delivered to affected people on May 11, 2022, and those persons were offered no-cost credit monitoring and identity protection services.

17,000 Patients Affected by Vail Health Services Data Security Incident

Vail Health in Colorado encountered a data security incident that led to the exposure and possible theft of the PHI of 17,039 patients. Vail Health stated it started having interruptions to its network systems and began an investigation which indicated on April 5, 2022, that an unauthorized person had obtained access to its systems on February 11, 2022.

The compromised systems included some files that contained data regarding persons who acquired COVID-19 tests from Vail Health, for instance, names, dates of birth, contact details, encounter numbers, and COVID-19 test results. No financial data, health insurance details, or Social Security numbers were breached or exposed.

The systems already had controls that minimized access to a few people. Extra security procedures have already been put in place to limit access.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA