One Community Health Patients Alerted Concerning a Cyberattack and Data Theft in April 2021

One Community Health located in Sacramento, CA has lately informed patients about the compromise of its systems from April 19 to April 20, 2021. It was uncovered that an unauthorized person has obtained access to systems comprising the personal information and protected health information (PHI) of a number of staff and patients.

A detailed forensic inquiry was carried out by a third-party cybersecurity company to ascertain the nature and extent of the breach, and One Community Health was alerted on October 6, 2021, that the attacker had copied files from its system that contained complete names and at least one of these data: phone number, address, other demographic details, email address, birth date, Social Security number, driver’s license number, insurance data, diagnosis details, and treatment details.

One Community Health started mailing notification letters to all affected individuals on November 22, 2021. There were no documented cases of identity theft or fraud; nevertheless, free credit monitoring services were given to impacted persons as a preventative measure against identity theft and fraud.

One Community Health explained it is working with cybersecurity professionals to boost its protection versus attacks, and has enhanced endpoint detection, email safety, and has subscribed to 24 hours managed detection response.

PHI Disclosure Because of Email Error by Eye Care Product Maker

Alcon, a company of eye care products, has found out that an email problem triggered the disclosure of a number of patients’ protected health information to healthcare organizations not approved to see the data.

On October 5, 2021, Alcon sent patients’ PHI to healthcare companies to help in billing. The emails were intended to merely have data regarding every healthcare organization’s patients; nonetheless, a technical mistake led to the emails including the data of patients of some other healthcare organizations.

The emails comprised selected information concerning patients who had not too long ago acquired an Alcon intraocular lens implant, particularly, last and first names, device serial numbers, dates of implant, and names of treating doctors.

All healthcare companies who got the email were got in touch with and advised to remove the message and Alcon has assessed and updated its guidelines and procedures to avert the same breaches down the road. As a result of the nature of the details exposed and the entities that acquired the data, Alcon thinks no patient data will be utilized wrongly.