PHI Exposed Due To Email Account Breaches At A2z Diagnostics And Vision For Hope

A2Z Diagnostics, a specialist diagnostic screening laboratory in New Jersey, started informing patients about the inclusion of some of their protected health information (PHI) in employee email accounts that were accessed by unauthorized individuals.

Upon knowing about the breach, A2Z quickly protected the email accounts and third-party cybersecurity experts investigated the breach to ascertain if any emails or attachments were viewed or obtained during the attack. A2Z Diagnostics discovered on June 28, 2021 that the breach of accounts took place from February 2, 2021 to April 2, 2021. Some of the accounts comprised the personal information and PHI of persons who had tests conducted at its lab; nonetheless, there was no proof identified that indicated the access or stealing of any emails during the attack.

The types of information in the accounts was different from one individual to another and could have involved complete names combined with one or more of the following kinds of data: Social Security number, birth date, state ID or driver’s license number, medical diagnosis or clinical data, treatment type or place, name of the physician, medical insurance details and/or medical procedure data. A2Z mentioned merely a few people who acquired testing services were impacted.

Sending of notification letters to affected persons began on July 28. People who had their Social Security number exposed got credit monitoring services.

A2Z stated it has implemented important measures to enhance its technical safety measures to lessen the risk of the same incident down the road, such as improving upon its multi-factor authentication software program.

Vision for Hope ReportsReports Breach of Staff Email Account

The therapy charity Vision for Hope has learned that an unauthorized person has acquired access to an employee’s email account and likely viewed or acquired the PHI of a number of patients.

After being aware of the breach, an investigation was started to find out the nature and extent of the cyberattack, which showed the email account was exposed between February 14 and April 2, 2021. A thorough analysis of all email messages in the account was finished on June 2, 2021, when it was established that these types of PHI were possibly accessed: Name, Social Security number, date of birth, financial account number, driver’s license number medical treatment or diagnosis data, and/or health insurance details. The types of information exposed were different from person to person.

Vision for Hope mentioned it is convinced no data in the account was misused for the intent of doing identity theft or fraud. On August 3, 2021, Vision for Hope commenced mailing notification letters to impacted people and has given free credit monitoring and identity theft protection services to all persons who had their driver’s license number and/or Social Security number were likely accessed.

Data security measures are currently being strengthened with its personnel and improvements are being done to lower the possibility of more breaches taking place.