The latest reported breaches are impacting small and medium-sized healthcare organizations

06 July 2023 – The latest series of reported healthcare data breaches impacted small and mid-sized healthcare organizations. Two of the three violations mentioned below occurred in 2022.

The Community Research Foundation notifies HHS of the October 2022 violation

The Community Research Foundation (CRF) in San Diego, California notified more than 30,000 people of a data breach that occurred in October 2022. Following the discovery of suspicious activity on October 13, CRF launched an investigation and involved an external cybersecurity team.

CRF determined that an unauthorized actor had accessed files and data stored within its systems, including names, Social Security numbers, medical care information, birth dates, driver’s license numbers, and insurance information healthcare.

“The privacy and protection of personal and protected health information is our top priority, and CRF deeply regrets any inconvenience or concern this incident may cause,” CRF said.

CRF notified affected individuals of the breach on June 28, months after it occurred.

ARx Patient Solutions informs patients of the 2022 violation

ARx Patient Solutions and its sister pharmacy, ARx Patient Solutions Pharmacy, notified 41,195 people of a data breach resulting from a compromised employee email account.

In March 2022, ARx discovered the incident and disabled the email account. Following an investigation, ARx determined that the account contained personal information, including names, birth dates, Social Security numbers, health insurance information, and medical information.

“We deeply regret any concern or inconvenience this incident may cause. ARx Patient Solutions has strengthened our safety systems and protocols for our employees, patients and customers by implementing extended detection and response (XDR) and threat monitoring, proactive vulnerability management programs, active systems scanning, policy additions and significant investments in the Security Operations department,” said ARx.

PA Senior Living Provider Suffers a Violation

The Williamsport Home, a Pennsylvania-based senior housing provider, disclosed a breach that occurred in April 2023. Williamsport Home discovered suspicious activity within its systems on April 24, 2023 and promptly launched an investigation.

The Williamsport Home team worked to contain the incident, implement additional technical safeguards, and promptly bring the affected systems back online. An investigation is ongoing, but Williamsport Home has found evidence that unauthorized actors had access to some internal systems used for business operations.

“There is no evidence that software systems used directly to assist residents were affected,” the notice said. “There has been no impact on the care and services provided to those residing at the three facilities and our staff continue to provide the highest level of care and services.”

Information affected by the incident may have included names, hospitalization and discharge dates, diagnosis and treatment information, Social Security numbers, financial account numbers, and other medical information.

“These are general categories of information that we believe may be present within affected systems and may have been accessed by the unauthorized actor during the incident. However, the specific people and extent of the information being accessed is not yet known,” added Williamsport Home.