Email Account Breaches Reported by Newman Regional Health and Contra Costa County

Newman Regional Health (NRH), which runs a 25-bed critical access hospital situated in Emporia, KS, has of late commenced notifying 52,224 people that unauthorized folks have obtained access to a few employee email accounts comprising protected health information (PHI).

NRH noted on its web page that unauthorized persons had seen a number of employee email accounts in a period of 10 months in 2021 from January 26, 2021 to November 23, 2021. After identification of the data breach, prompt measures were done to secure the email accounts. NRH began an investigation to determine the magnitude and nature of the breach.

NRH mentioned that an audit of the email messages in the accessed accounts affirmed on March 14, 2022 the exposure of the following types of patient information: Names, birth dates, e-mail addresses, addresses, medical record/ID numbers, mobile numbers, and a few health, treatment or insurance details. Several employees’ information affected was related to a person’s getting services from or employment with NRH. A number of them furthermore had their financial details or Social Security numbers breached.

The types of patient data accessed differed from individual to individual, and there was no confirmation of fraudulent activity arising from the breach found while sending notification letters. NRH mentioned it has implemented supplemental measures to reinforce security.

Contra Costa County Confirms Email Account Security Breach

Contra Costa County in California has confirmed a breach of employee email accounts and the breach of sensitive personal data. The forensic investigation of the breach showed that unauthorized individuals accessed employee email accounts between June 24, 2021 and August 12, 2021.

Based on the substitute breach notice on the Contra Costa County web page, the email accounts included information on employees and people who had approached the County’s Employment and Human Services Department in the past. The types of records exposed comprised names, state-issued ID numbers, Social Security numbers, driver’s license numbers, financial account numbers, passport numbers, medical data, and/or health insurance details.

Though unauthorized email account access was established, it can’t be determined if any emails or attachments in the accounts had been viewed or copied. It is unknown when the breach was identified; nevertheless, Contra Costa County explained the breach investigation ended on March 11, 2022, and notification letters were issued to victims on April 15, 2022. No-cost credit monitoring services were given to entitled people.

The breach is not yet published on the HHS’ Office for Civil Rights breach website, therefore it is not clear how many persons were impacted.