Texas-based primary care clinic network Family Health Centers (FMC) has recently notified the Department of Health and Human Services (HHS) of a data breach involving the protected health information of 233,948 individuals.
According to a notice posted to the network’s website, FMC had discovered suspicious activity on its network on July 26, 2022. Upon discovery, the network promptly conducted a comprehensive forensic investigation with the help of independent information technology security and forensic specialists to determine the nature of the breach and what information had been obtained by the third party. The investigation concluded that files containing information such as full names, birth dates, mailing addresses, Social Security numbers, and other protected information had been accessed by an unauthorized third party. FMC also maintained that they responded immediately to secure their network and implement a multitude of safety measures to limit the risks of the breach.
FMC asserts that there has been no evidence for misuse or related identity theft of any information potentially acquired by the third party. Despite this, FMC is offering identity theft monitoring services to all affected individuals free of charge. The network of primary care clinics will also continue to monitor their network for any evidence of suspicious activity. On September 23, 2022, FMC notified all affected individuals will breach notification letters including additional information about the data breach and detailed what specific information had been exposed for each individual. FMC has also requested all affected individuals to contact them if any questions arise relating to the breach.
Over 58,000 Individuals Affected By Reelfoot Family Walk-In Clinic Data Breach
Dyersburg-based Reelfoot Family Walk-In Clinic has recently suffered a data breach that exposed the protected health information of 58,562 patients. On July 24, 2022, the clinic discovered suspicious activity on its systems and promptly implemented a number of mitigations and launched a forensic investigation to determine the extent of the breach.
The investigation concluded that an unauthorized third party had gained access to the clinic’s systems in the time period between July 10, 2022, and August 14, 2022. The attackers had access to files containing sensitive client information such as names, birth dates, Social Security numbers, addresses, diagnoses, disability codes, medications, medical records, claims information, patient IDs, and several other forms of individually identifiable information. The third party exfiltrated the data from the systems which experts say can be used for exploitation.
Reelfoot has stated that they will continue to implement a number of further safeguards in order to ensure the confidentiality, integrity, and availability of the sensitive patient information they maintain on their systems. Additionally, the clinic has offered a year of complimentary credit monitoring services to all affected individuals.
