Atlanta Women’s Health Group, P.C., has recently confirmed that the protected health information of up to 33,839 current and former patients has been exposed and potentially stolen in an April 2023 cyberattack. A security breach was detected on April 12, 2023, and third-party cybersecurity experts were engaged to determine the nature and scope of the incident. The investigation confirmed there had been access to patient information, but the breach report did not state whether that information was copied from its systems. Atlanta Women’s Health Group said that at the time of issuing notification letters, no evidence had been found to indicate any misuse of patient data.
For the majority of patients, the information exposed in the attack was limited to names, birth dates, patient ID numbers, and other information that may have been included in medical records. Third-party cybersecurity experts have been engaged to implement additional cybersecurity measures to prevent further data breaches. Affected patients are being encouraged to monitor their credit reports, health account statements, and explanation of benefit forms for suspicious activity.
Blue Cross Vermont Says 16,000 Individuals Affected by January Cyberattack
Approximately 16,000 members of Blue Cross Vermont health plans have had their protected health information compromised in a January 2023 cyberattack. Hackers exploited a zero-day vulnerability in Fortra’s GoAnywhere MFT file transfer solution and accessed and stole sensitive data such as names, birth dates, addresses, medical information, and insurance information. Around 5% of the affected individuals also had their financial information stolen.
Approximately 13,700 of the affected individuals were members of Vermont Blue Advantage Health Insurance Plans, around 2,250 individuals were members of Vermont Blue Advantage Plans, and the remainder of the affected individuals were members of other insurance plans. Notification letters were sent to affected individuals by NationsBenefits, which was the business associate that used GoAnywhere MFT solution that was compromised. NationsBenefits has offered affected individuals 24 months of complimentary credit monitoring services.
Get the FREE
HIPAA Compliance Checklist
Delivered via email so please ensure you enter your email address correctly.
Your Privacy Respected
HIPAA Journal Privacy Policy
New Horizons Medical Breach Impacts 12,317 Patients
New Horizons Medical, Inc., a Massachusetts-based provider of mental health, psychiatry, and substance use treatment services, has recently reported a data breach to the Maine Attorney General that has affected up to 12,317 patients. Unauthorized network access was detected on April 19, 2023, and a third-party forensic investigation was launched to determine the nature of the incident and the extent to which patient data was involved. The investigation revealed unauthorized individuals had access to its network between February 12, 2023, and April 23, 2023, and during that time may have viewed or copied patient information.
The analysis of the affected files confirmed they contained names along with one or more of the following types of information: address, date of birth, Social Security number, driver’s license number, financial account information, medical records number, health insurance plan member ID, claims data, diagnosis, and prescription information. Notification letters were sent to affected individuals on June 16, 2023. Complimentary credit monitoring and identity protection services have been offered to eligible individuals. New Horizons Medical has also confirmed that additional safeguards and technical security measures have been put in place to further protect and monitor its information systems.
Data Security Incident Reported by CareNet Medical Group
CareNet Medical Group in New York has started notifying 3,359 patients that some of their protected health information has been stolen in a security incident. The breach notice does not state when the security incident was detected but the investigation revealed on April 26, 2023, that its network was accessed by an unauthorized individual between May 9, 2022, and June 4, 2022, during which time files were copied from its network.
The compromised information included full names, addresses, driver’s license numbers, bank account numbers/routing numbers, dates of birth, medical reference numbers, Medicare numbers, cell phone numbers, home phone numbers, health insurance information, email addresses, and Social Security numbers. Notification letters were sent to affected individuals on June 2, 2023, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were exposed.  No explanation was provided as to why it took almost 11 months to determine that patient data had been compromised.
