Patient Data Exposed Due to UC San Diego Health
Phishing Attack
UC San Diego Health recently sent a notification to the California Attorney General concerning a phishing attack that was identified on January 9, 2024, wherein the sensitive data of patients were compromised. Two Hillcrest Medical Center workers replied to the phishing emails and compromised their credentials, hence, allowing unauthorized individuals to access their email accounts. UC San Diego Health stated the email accounts were accessed for brief moments between January 9, 2024 and January 22, 2024.
An assessment of the exposed emails and attachments was concluded on February 26, 2024. It showed that they involved patients’ protected health information (PHI) such as names, Social Security numbers, and at least one of these information: date of birth, mailing address, email address, medical record number, health insurance details, treatment cost data, and/or clinical data, including prescription drugs, name of provider or diagnosis.
UC San Diego Health mentioned it is improving its security controls and will offer phishing prevention training and education to its workers. Notification letters are being sent to the affected people. Complimentary credit monitoring and identity theft protection services are also being offered. It is currently uncertain how many persons are impacted.
Patient Information Compromised at Littleton Regional Healthcare
Littleton Regional Healthcare located in New Hampshire recently reported a breach of the PHI of 12,614 persons. On January 2, 2024, a worker sent an email that contained the patient’s names and birth dates to a person who was not allowed to get the information. That individual called Littleton Regional Healthcare to report the error on the same day and confirmed that the data in the email was not shared with any person and that the email was removed. Littleton Regional Healthcare has notified the affected people, evaluated the guidelines and procedures, and has given extra HIPAA training to staff members to minimize the possibility of similar errors in the future.
More Than 3,300 Patients Affected by Texas Health and Human Services Commission Breach
The Texas Health and Human Services Commission (HHSC) uncovered an impermissible disclosure of the personal information of 3,392 people. On January 11, 2024, a staff member emailed spreadsheets that contained sensitive data to a personal email account. The spreadsheets included the personal details of individuals who live in or close to Longview, Tyler, Texarkana, Beaumont, Marshall, and Nacogdoches and contained full names, addresses, telephone numbers, financial data, health details, Social Security numbers, and Medicaid numbers. The spreadsheets were transmitted in many emails from September 2023 to October 2023.
The breach investigation ended on February 2, 2024. Notification letters were mailed to the impacted persons, who were provided a year of free credit monitoring services. HHSC stated it did not find any evidence that suggests the sharing of the spreadsheets with any other persons or the misuse of the information. Extra training has been offered to employees to remind them of the value of HIPAA and safeguarding confidential data.
Software-Related Data Breach at UT Southwestern Medical Center
UT Southwestern Medical Center recently sent a breach notification letter to the Texas Attorney General that involved the PHI of 2,094 individuals. At this point, not much data regarding the data breach is given, but the medical center has said that the breach was not because of a cyberattack and was related to the use of unapproved software program. The data that was affected included names, birth dates, addresses, medical insurance information, and medical data. UT Southwestern Medical Center is presently preparing individual notifications, which will be mailed shortly.
