2 Texas Hospitals Infected With Malicious Code May Face PHI Exposure

June 21, 2022 - Texas-based Baptist Medical Center and Resolute Health Hospital informed an undisclosed number of patients that its network was infected with malicious code, potentially resulting in protected health information (PHI) exposure.

The two hospitals, run by Baptist Health System, discovered the incident on April 20, 2022. After suspecting unauthorized network activity, the hospitals immediately suspended user access and put “extensive cybersecurity protection protocols” in place, the notice stated.

Further investigation revealed that an unauthorized third party accessed certain systems and removed data from the network between March 31 and April 24.

The information involved in the incident included demographic information, Social Security numbers, health insurance information, medical record numbers, diagnosis information, dates of service, and billing and claims information.

“We take the security of personal information seriously. As soon as the incident was discovered, a forensic investigation was immediately launched, law enforcement was contacted, and steps were taken to mitigate and remediate the incident and to help prevent further unauthorized activity,” the notice stated.

“In response to this incident, security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of similar incidents in the future.”

Call Center Service Reports Healthcare Data Breach

DialAmerica Marketing, a New Jersey-based call center service, reported a breach to HHS that impacted 19,796 individuals. According to its website, the company serves nearly 25 percent of the top health plan providers.

A sample notice posted on the Vermont Attorney General’s Office website said that DialAmerica discovered “anomalous activity” on its network on July 4, 2021. An investigation revealed that an unauthorized actor potentially viewed or took data from those systems between February 2, 2021 and July 9, 2021.

DialAmerica concluded its review of information within the systems on February 4, 2022, and said it was not aware of any misuse of the information, which included names, addresses, and other data that was not included in the sample breach notice.

90 Degree Benefits Wisconsin Suffers Data Security Incident

90 Degree Benefits’ Wisconsin location began notifying an undisclosed number of individuals of a data security incident that it discovered in late February 2022. The organization manages employee benefit plans for more than 100,000 plan members.

Investigators could not determine whether any information was actually viewed, but they did learn that an unauthorized actor accessed personal information. The information potentially included names, Social Security numbers, addresses, dates of birth, phone numbers, and health information. 90 Degree Benefits said that it notified the FBI and OCR.

“The security of our members’ personal information is of the utmost importance, and we deeply regret that this data security incident occurred,” the notice stated.