– Global law firm Orrick, Herrington & Sutcliffe suffered a data breach affecting more than 40,000 people. The data was originally held by the company because it was working on a case involving a 2020 safety event involving a vision benefits plan. As a result of unauthorized activity on Orrick’s network, the data was breached a second time.
On March 13, 2023, Orrick detected suspicious activity and determined that an unauthorized third party had gained remote access to a portion of its network, including a file share used to store certain client files.
Further investigation determined that the unauthorized party obtained files containing names, addresses, birth dates and Social Security numbers. Orrick said she notified the vision benefits plan of the incident and has since strengthened his safety position.
Delaware Health Net suffers experiences hack
Electronic health record management provider Delaware Health Net (DHN) disclosed a breach that impacted the records of Delaware-based Henrietta Johnson Medical Center (HJMC) and other healthcare organizations.
On April 5, DHN suffered a cyber incident that resulted in unauthorized access to certain systems and copying of some files. Affected DHN systems may contain some HJMC patient data, such as names, birth dates, medical record numbers, lab information, diagnosis codes, and health insurance information.
“The confidentiality, privacy and security of patient information are among our top priorities and we take the DHN event very seriously,” HJMC said.
“As part of our ongoing commitment to patient information security, we are working to review our existing policies and procedures relating to our third party providers and continue to collect information from DHN about your event.
Partnership Health Center discloses a data breach
More than 8,000 people were affected by a data breach at the Montana-based Partnership Health Center (PHC) caused by an email error.
Specifically, PHC sent out an email survey asking patients about their experiences at PHC. Surveys were sent to the wrong email addresses and patients received emails containing names of other patients and an indication that they had received services from PHC in the past.
“Although this error is an invasion of privacy that we take very seriously, we want to assure you that no other information about you, including identifying information, medical history, services you have accessed at PHC or anything else, has been shared with the ‘individual who incorrectly received the survey meant for you,’ PHC said.
PHC has since implemented additional training to safeguard patient privacy.
South Suburban Surgical Suites suffers a phishing attack
South Suburban Surgical Suites, based in Indiana, recently discovered that an unauthorized party gained access to a corporate email account hosted by Microsoft Office 365 through phishing.
Further investigation revealed that there was personal patient information in the account, including demographic information, social security numbers, treatment information, and billing and complaints information. About 5,300 people were affected by the breach.
“South Suburban takes privacy and security very seriously. As soon as South Suburban discovered the incident, it took immediate action to prevent any further unauthorized activity, including resetting the user’s password for the company email account where unauthorized activity was detected and address blocking Malicious IPs and URLs,” South Suburban said.
“South Suburban has improved and continues to improve safety controls and monitoring practices as appropriate to minimize the risk of similar incidents in the future and has retired the legacy environment in which the incident occurred.”
#Law #firm #suffers #health #data #breach #impacting #40K
Image Source : healthitsecurity.com