3 Specialty Practices Report Healthcare Data Breaches

January 17, 2023 - Three specialty care providers across the country notified patients of healthcare data breaches recently. Threat actors are continuing to target healthcare organizations of all sizes and specialties as 2023 begins.

Texas Home Healthcare Provider Discloses Breach

Home Care Providers of Texas (HCPT) reported a breach to the Texas Attorney General’s Office impacting more than 124,000 individuals. HCPT is a Medicare-certified home healthcare provider.

According to a notice on its website, HCPT discovered on June 29, 2022 that a portion of its network had been impacted by a cyberattack. The hacker encrypted and removed some files from HCPT’s network between June 15 and June 29.

Despite discovering the incident in June, HCPT did not complete its investigation until November 15. The breach involved names, dates of birth, addresses, Social Security numbers, and medication information, as well as treatment and diagnosis information.

“As a team of dedicated and caring medical professionals, we understand that healthcare is about people taking care of people. We remain fully committed to maintaining the privacy of personal information in our possession, and upon learning of the event we took immediate action to protect individual health and personal information,” the notice stated.

“We continually evaluate and modify our practices to enhance the security and privacy of personal and protected health information, and are taking measures to augment our existing cybersecurity.”

Florida Behavioral Health Services Org Suffers Breach, 61K Impacted

Circles of Care, which provides behavioral health services in Melbourne, Florida, suffered a data breach that impacted 61,170 individuals.

On September 6, an unauthorized party accessed the Circles of Care systems and potentially obtained some sensitive information, such as names, dates of birth, Social Security numbers, addresses, medical account numbers, diagnoses, medical procedure codes, provider names, driver’s license numbers, and bank account numbers.

Circles of Care discovered the suspicious activity on September 21 and determined the extent of the damage in late November.

“The security and privacy of the information contained within our systems is a top priority for us,” Circles of Care stated in a notice posted on its website.

The organization has since implemented additional security measures such as enhanced employee cybersecurity training.

Kelberman Center Discloses Email Data Breach

Utica, New York-based Kelberman Center disclosed a breach that impacted 3,501 individuals. The Kelberman Center is a provider of autism services for children and adults in Central New York.

According to a notice posted on its website, Kelberman discovered suspicious activity within one user’s email inbox. Further investigation revealed that an unauthorized party had potentially accessed a limited number of Kelberman mailboxes between October 31 and November 3, 2022.

The unauthorized actor may have accessed files containing protected health information, including names, dates of birth, diagnosis and treatment information, and provider information.

“Working with an outside forensics expert, we confirmed the narrow scope of this incident, the security of our e-mail environment and that our systems are not otherwise currently at risk,” the notice stated.

“In order to protect against unauthorized access to electronic mailboxes, Kelberman has been working to implement several precautionary measures. Kelberman has also changed passwords and modified internal e-mail settings and controls.”

The Kelberman Center encouraged impacted individuals to remain vigilant and take steps to reduce the risk of identity theft.