Data Breaches Reported by Aesthetic Dermatology Associates, Family Medicine Shady Grove and UW Medicine

Aesthetic Dermatology Associates based in Pennsylvania has lately confirmed that unauthorized individuals accessed its network and possibly viewed and/or obtained files that contain the personal data and protected health information (PHI) of 33,793 present and past patients.

The healthcare provider detected the cyberattack on August 15, 2022 upon noticing suspicious activity within its system. An investigation was started to find out the nature and extent of the attack, and it was confirmed that unauthorized persons got access to its system. However, there was no mention of the nature of the attack nor about the period of time the network was accessed.

A thorough analysis of all files on the breached areas of the system was finished on September 3, 2022. It was confirmed that the breach was restricted to names, birth dates, addresses, diagnosis codes, and medical insurance details. Aesthetic Dermatology stated it is reviewing its guidelines, procedures, and controls. There will be appropriate updates to strengthen security. When notifications were issued, there was no report received that suggests the misuse of any patient information.

About 6,500 Family Medicine Shady Grove Patients’ Data Exposed in Ransomware Attack

Family Medicine Shady Grove located in Rockville, MD, has reported that it suffered a ransomware attack in August 9, 2022. Unauthorized persons accessed an internal server and encrypted files. The provider stated that patient health records were not impacted, because they were kept in a cloud-based system; nevertheless, the server stored monthly billing printouts and explanations of benefits with data such as names, birth dates, and addresses. There was no credit card information or Social Security number compromised.

Family Medicine Shady Grove mentioned that a computer forensics team helped with the investigation and that the affected files can be recovered. That action was finished on September 5, 2022. There was no proof of data theft found in the course of the investigation and there was no report received that suggests the misuse of patient data. Steps were since taken to enhance data security to avoid more attacks later on. The breach report was submitted to the HHS’ Office for Civil Rights indicating that 6,482 patients were affected.

UW Medicine Impacted by Mail Service Vendor Ransomware Attack

UW Medicine based in Seattle stated that the PHI of 3,800 patients was likely exposed in a ransomware attack on Kaye-Smith, its mail service vendor. According to the investigation, there was no evidence found that suggests the misuse of patient information; nevertheless, as a safety measure, Kaye Smith has provided the impacted persons with free credit monitoring and identity theft protection services.

Kaye-Smith informed UW Medicine regarding the breach on August 24, 2022. The notice mentioned that the attackers got access to statements of Patient Account & Support Services and letters related to billing services. The documents included data like names, addresses, medical record numbers, account numbers, names of treatment providers, and medical services descriptions.

Besides affecting the 3,800 UW Medicine patients, there were also 2,857 Geisinger patients, and 6,750 patients of Seattle Children affected. Kaye-Smith Enterprises self-reported the breach indicating that 2,857 persons were affected.

About Christine Garcia 1201 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA