Prestera Mental Health Center located in West Virginia began informing 2,152 individuals regarding a security breach affecting employee email accounts. On or approximately April 1, 2021, Prestera Center discovered that selected worker email accounts were accessed without authorization between August 2020 and September 2020.
Although the unauthorized access was confirmed, the center wasn’t possible to determine whether any patient data had been viewed or copied.
A review was done to know the types of information that were included in the email accounts and which people were affected. The types of information in the account differed from person to person and may have included names, dates of birth, addresses, Social Security numbers, state identification card numbers, financial account data, medical details, and health insurance details.
Upon awareness of the breach, quick action was taken to protect the accounts to avoid any further unauthorized access. Policies and procedures were since assessed and updated, and extra steps were put in place to enhance email security.
Notification letters were mailed to impacted persons and a complimentary TransUnion Interactive MyTrueIdentity credit monitoring service membership was offered.
For the past few months, this is the second reported email account breach. On December 31, 2020, Prestera Center submitted an email account breach report impacting patient names, birth dates, patient account and/or medical record numbers, diagnostic data, healthcare provider data, prescribed medicine and/or treatment details, and, in some instances, addresses, social security numbers and Medicare/Medicaid ID numbers. It is uncertain if these two cases are connected.
PHI Potentially Compromised in Email Security Incident at Wisconsin Institute of Urology
Wisconsin Institute of Urology (WIU) has found out that an unauthorized individual accessed the email account of an employee. WIU was informed about the breach on or around May 26, 2021 when suspicious activity was noticed in the email account. WIU immediately secured the account by altering the password and begun an investigation to find out the nature and magnitude of the breach.
It was affirmed on June 9, 2021 that an unauthorized person had utilized the employee’s credentials to access the account; nonetheless, no reports were acquired concerning any cases of patient data misuse.
A time-intensive evaluation was performed to know all people whose protected health information (PHI) was contained in emails and email attachments. That review revealed the email account included PHI such as names, dates of birth, medical treatment and/or medical diagnosis details, medical insurance data and, for certain individuals, Social Security numbers. It is presently uncertain how many persons were affected.