Data Breach Reports Submitted by New Jersey Brain and Spine, Highmark Inc. and Dialyze Direct

New Jersey Brain and Spine (NJBS) has lately reported it suffered a cyberattack on or approximately November 16, 2021, that encrypted data files on its system. NJBS mentioned it promptly took steps to safeguard its network and involved a computer forensic company to investigate the security breach. Though no proof was uncovered that reveals there was any misuse of patient files because of the attack, the forensics agency stated the attacker could have accessed files comprising patient records.

A third party vendor performed an assessment of all files on its system that was likely accessed, and though the data mining process is ongoing, it was affirmed that the files included details like names, email addresses, physical addresses, birth dates, telephone numbers, social security numbers, driver’s license numbers or other ID numbers, financial account data, debit or credit card details, and medical data. Notification letters had been mailed to impacted persons on March 10, 2022.

NJBS mentioned that subsequent to the breach, various steps were undertaken to better secure patient information, which includes utilizing 2-factor authentication, migrating patient information to a third-party hosted cloud-based environment, and using a new server. NJBS has furthermore employed an ongoing monitoring response solution that oversees user activity, services, and ports, and syncs logging.

The breach report was submitted to the HHS’ Office for Civil Rights indicating that around 92,453 people were impacted.

Dialyze Direct Warns Patients Concerning PHI Exposure in Cyberattack

Dialyze Direct, a provider of kidney care services in Neptune City, NJ, has encountered a data breach that has impacted around 14,203 patients. As per a March 10, 2022 data breach notice, Dialyze Direct stated it uncovered on February 14, 2022, that an unauthorized person obtained access to a staff email account between January 21, 2021 and March 4, 2021.

A detailed analysis of the email account established it comprised patients’ protected health information (PHI) including names, dates of birth, Social Security numbers, government ID numbers, financial account details, payment card data, and medical details that possibly includes financial identification numbers, medical diagnostic and treatment information, and/or health insurance plan data.

Notification letters were delivered to affected patients. Persons whose Social Security numbers were likely breached were given complimentary credit monitoring services. Dialyze Direct mentioned it has seen no information that suggests the misuse of any patient data.

Highmark Inc. Patients Affected by Breach at Printing and Mailing Vendor

Highmark Inc., a nonprofit healthcare corporation and Integrated Delivery Network based in Pittsburgh, PA, has just announced that some HIPAA-protected records were exposed in a data breach at Quantum Group. Highmark’s marketing services provider, Webb Mason, the printing and mailing vendor, employs Quantum Group as its printing and mailing vendor.

Webb Mason allowed Quantum Group access to patient information in 2017 to aid with marketing work for Highmark, and that data was possibly accessed by unauthorized persons. Highmark mentioned that its own IT programs were not compromised.

Highmark reported the breach as having an effect on approximately 67,147 people, who were provided free online identity monitoring services for one year.