Data Breaches at the Institute for Integrative Nutrition, Colorado Mental Health Center and Texas Recycling Center

The Institute for Integrative Nutrition in New York City experienced a phishing attack in March 2020 that resulted in the potential exposure of personal data. The institute became aware of the breached email account only on June 22, 2020. According to the investigators, an unauthorized person had access to one email account from March 3, 2020 to March 4, 2020.

Third-party cybersecurity specialists assisted with the investigation and confirmed, after a manual document review, that the unauthorized person potentially accessed names and personal information such as Social Security numbers. However, no evidence confirms that data was stolen.

As a precaution, the Institute for Integrative Nutrition provided free identity theft protection services to the individuals affected by the breach. Additional safeguards have also been implemented to prevent further breaches.

Phishing Attack on Colorado Mental Health Center

Mental Health Center of Boulder County Inc. in Lafayette, CO, also known as Mental Health Partners, experienced a phishing attack last March that resulted in the potential compromise of employee data and protected health information (PHI).

Forensic investigators confirmed to Mental Health Partners on July 22, 2020 that the following data may have been accessed without authorization or stolen: names; birth dates; Social Security numbers; state identification card numbers; driver’s license numbers; passport numbers; financial account data; medical treatment data, such as symptoms, diagnoses, treatments, prescribed medicines, and physician details; medical record numbers; and/or medical insurance data.

Mental Health Partners offered free credit monitoring services to the affected individuals. No evidence was found to suggest misuse or theft of data. After the attack, Mental Health Partners reviewed its company policies and procedures and implemented further safeguards to improve digital security.

Boxes of Medical Records Improperly Disposed at Texas Recycling Center

More than two dozen boxes of old medical documents were found at a recycling center in Odessa, TX. The documents seem to originate from West Texas Orthopedics, a part of Midland Health. There is no information on how the records ended up at the recycling center or why the HIPAA rules for secure disposal were not followed.

Midland Health’s team looked through the records on-site at Odessa Recycling Center. They claim the records do not belong to them, explaining that other entities have used the name West Texas Orthopedics in the past. Moreover, the dates on the records indicate a time before Midland Health’s ownership of West Texas Orthopedics.