Data Breaches at Legacy Community Health Services, Hillcrest Nursing Center and Dental Care Alliance

Email Breach at Legacy Community Health Services Affects 3,076 Patients

Legacy Community Health Services (LCHS) located in Texas is informing 3,076 people that some of their PHI held in an email account were potentially accessed by an unauthorized individual. LCHS noticed the unauthorized access of a staff’s email account on July 24, 2020 and performed a password reset on that day.

A third-party cybersecurity agency helped look into the incident and completed the review of the breach on September 22, 2020. According to the evaluation, the account stored patient names and some clinical data associated to care gotten and the driver’s license number of a patient. There’s no proof of misuse of patient data. Legacy mailed notification letters to the 3,076 affected individuals on November 20, 2020.

This is the 3rd email breach LCHS encountered in 2020. One email account breach occurred in September and impacted 228,000 individuals. Another breach happened in June 2020 and affected 19,000 people.

Unauthorized Medical Record Access at Hillcrest Nursing Center

Hillcrest Nursing Center based in Round Lake Beach, IL has found out that an unauthorized person possibly viewed the PHI of a number of residents.

Some time on August 4, 2020, one staff physician of Hillcrest Nursing Center was fired. On August 23, 2020, a number of family members of residents told Hillcrest that they got a telephone call from the fired doctor and talked about care and treatment. Hillcrest looked into the occurrence and learned that the physician still got access to the Hillcrest medical record system.

Hillcrest canceled the physician’s login right away and examined which records were likely accessed. The review was finished on October 9, 2020 and affirmed that the dismissed doctor viewed 1,030 files which contained names, Social Security numbers, insurance data, medical backgrounds, and treatment details.

Hillcrest already informed all impacted persons and offered free identity theft restoration and credit monitoring services. Currently, a new policy is being enforced that instantly cancels access to the medical record system when workers are fired or leave their job.

Dental Care Alliance Data Breach Impacts 1M Individuals

Dental Care Alliance, LLC based in Sarasota, FL, a dental support company with more than 320 member dental practices throughout 20 states, was hacked and possibly exposing the protected health information (PHI) of over a million persons. The breach took place on September 18, 2020, however it was discovered on October 11, and was controlled on October 13.

The breach investigation didn’t discover any particular evidence to indicate that the attackers acquired or misused patient data. An evaluation of the systems the hackers accessed showed they held names, addresses, names of dentists, diagnoses, treatment information, billing details, patient account numbers, medical insurance details, and bank account numbers for approximately 10% of impacted people.

Dental Care Alliance sent notification letters to the 1,004,304 affected persons in November.