Consensus Medical Group Patients Affected by Continuum Health Alliance Data Breach
Continuum Health Alliance based in Marlton, NJ recently affirmed that it has suffered a security incident that compromised the data of 377,119 patients of Consensus Medical Group, its customer that is a doctor-owned medical group located in Evesham, NJ. Continuum discovered unauthorized activity inside its system on October 19, 2023. After taking action to protect its systems, third-party cybersecurity experts were involved to figure out the suspicious activity. As per the forensic investigation, an unauthorized third party had acquired access to parts of its network between October 18 and October 19 and obtained some files.
On February 16, 2024, Continuum reported on its web page that it was checking out the incident while the investigation was in progress. The file evaluation was done on March 8, 2024, and it was affirmed that the breached information contained the names of patients and Social Security numbers. Continuum then validated the data and acquired updated address data. Notification letters were sent on April 29, 2024.
Continuum has put in place more safety measures to avoid more security incidents and has given supplemental HIPAA training for employees. The impacted persons received free credit monitoring and identity theft protection services for one year.
MedStar Health Hacking Incident
MedStar Health is a non-profit healthcare company that manages 10 hospitals in the Baltimore-Washington area. Hackers acquired access to its system and may have acquired the PHI of 183,000 patients, such as names, addresses, birth dates, dates of service, names of providers, and medical insurance details.
MedStar Health didn’t mention when it first detected the unauthorized access but reported that unauthorized persons accessed the email accounts of three workers irregularly from January 2023 to October 2023. MedStar Health explained it believes that patient information was not viewed or stolen, but it wasn’t possible to exclude data theft with absolute certainty. In compliance with HIPAA, MedStar Health had put in place technical, administrative, and physical safety measures to protect the confidentiality of patient information. Since the breach has increased those safety measures to stop identical breaches later on, the impacted persons were informed via mail on May 3, 2024.
Bluegrass Care Navigators Email Account Breach
Hospice of the Bluegrass, Inc., also called Bluegrass Care Navigators, has submitted a data security report affecting the PHI of 2,282 persons. On March 4, 2024, The Kentucky, home healthcare company and hospice provider, discovered unauthorized access to the email account of an employee. The forensic investigation did not find any proof of access to its system, electronic health records, or other email accounts of employees. The breached account was analyzed and it was confirmed that it included data like patient names and medical insurance data. Bluegrass Care Navigators stated it has applied extra safety measures to enhance email security.
