Data Breaches at Receivables Performance Management and San Gorgonio Memorial Hospital

San Gorgonio Memorial Hospital based in California and Receivables Performance Management based in Washington recently reported data breaches. The latter’s data breach has impacted more than 3.7 million persons.

Receivables Performance Management

Receivables Performance Management (RPM) in Lynnwood, WA, a business associate of a number of HIPAA-covered entities, has lately begun notifying people affected by a ransomware attack in 2021. RPM discovered the incident on May 12, 2021 and its investigation confirmed the initial breach of its systems on April 8, 2021. However, file encryption only started on May 12.

RPM said it stopped the attack and re-establish its systems in 36 hours and had a computer forensics company investigate the breach and determine the nature and magnitude of the attack; nonetheless, the types of information and people impacted were determined only on October 2, 2022. RPM stated that the long time of investigating the breach was because of the infrastructure complexities of RPM’s server. RPM mentioned it acquired confirmation that the data is no longer under the command of the third party(ies) linked to this incident.

RPM stated personal information was possibly compromised, such as Social Security numbers. Affected people are being provided complimentary credit monitoring services. RPM mentioned it is working with security specialists to enhance its defenses to avoid identical breaches later on. At this period, the number of people affected by the breach is not yet confirmed. The breach report filed with the Maine Attorney general shows a total of 3,766,573 persons were impacted, with around 500,000 of those people residing in Texas. The incident is not yet posted on the HHS’ Office for Civil Rights breach portal.

San Gorgonio Memorial Hospital Data Breach

San Gorgonio Memorial Hospital based in Banning, CA, has begun informing selected patients with regard to a computer breach and data theft occurrence. The hospital detected a security incident on November 10, 2022, and took immediate action to segregate and power down its systems. It was confirmed by the forensic investigation that an unauthorized person acquired access to its system from October 29, 2022 to November 10. Throughout that time of access, the hacker copied files from its systems. On November 14, 2022, the forensic investigator said that the files included patient data.

An immediate notification was provided to the California Attorney General, even though the document analysis and investigation are in progress. It was confirmed that the files included data like names, addresses, dates of birth, visit ID numbers, medical record numbers, medical insurance details, and/or clinical data, such as diagnosis and treatment details.

San Gorgonio Memorial Hospital mentioned more safety measures were applied to stop more data breaches. The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently uncertain how many persons were impacted.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA