Arkansas Hospital Notifies Patients of Healthcare Data Breach

January 04, 2023 - Arkansas-based Howard Memorial Hospital (HMH) began notifying patients of a healthcare data breach. On December 4, HMH discovered the suspicious activity and “allegations made by an unknown actor that data had been stolen from the HMH network.”

Further investigation revealed that an unauthorized party potentially stole certain files between November 14 and December 4. The files contained patient names, contact information, Social Security numbers, health insurance information, medical history, treatment information, medical record numbers, physician names, and dates of birth.

In addition, the names, contact information, dates of birth, direct deposit information, and Social Security numbers of some current and former HMH employees were impacted.

“HMH takes this event and the security of your information seriously. Upon learning of this event, we immediately took steps to secure our network and ensure that we could maintain operations in a safe and secure fashion,” the notice stated.

“As part of our ongoing commitment to the privacy of personal information in our care, we are working to review our existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information on our systems.”

Heartland Alliance Suffers Data Breach

Chicago, Illinois-based Heartland Alliance, a social justice and human rights organization, disclosed a data breach that potentially involved the protected health information (PHI) of those who sought healthcare at Heartland, along with employees, directors, and independent contractors.

Despite discovering the incident on January 15, 2022, Heartland did not begin notifying impacted individuals of the breach until December 15. The incident impacted names, dates of birth, bank account information, Social Security numbers, bank account numbers, driver’s license numbers, and health information. The information involved varied by individual.

“The privacy and security of personal and protected health information are very important to Heartland,” the notice stated.

“Immediately after we learned of this incident, we enhanced our IT security by adding new threat detection software, monitoring, and sign-in protocols. We deeply regret any inconvenience or concern this incident may have caused.”

MedStar Mobile Healthcare Reports Breach Impacting 612K

MedStar Mobile Healthcare suffered a data breach in October 2022, according to a notice provided to the Montana Attorney General’s Office. MedStar is an emergency and non-emergency ambulance service provider for 15 cities in Tarrant County, Texas.

On October 20, MedStar discovered issues within its network and determined that an unauthorized party had gained access to a restricted location within the company’s computer network.

“We have not been able to confirm that those files were actually accessed by the third party, and therefore cannot say that any of your information in those files was accessed,” the notice stated.

“Nevertheless, in an abundance of caution and out of respect for those individuals we have served, we are providing this notice to alert you to the potential that your information was impacted by this incident.”

The files contained non-financial billing information related to individuals who received care from MedStar. For some individuals, the impacted information may have included names, contact information, dates of birth, and medical care information. The breach impacted 612,000 individuals in total. 

MedStar said it would continue to investigate the full scope of the cyberattack.

Three Rivers Provider Network Experiences Email Breach

Three Rivers Provider Network (TRPN), an insurance company based in California, disclosed a breach that occurred within an employee email account. In a notice on its website, TRPN did not specify when it first discovered the breach.

“We promptly initiated an investigation and secured the compromised account,” the website notice stated. “Our investigation indicated that some personal information was present within the inbox and may have been acquired by an unauthorized party.”

The information contained in the inbox included names, addresses, Social Security numbers, passport numbers, driver’s license numbers, dates of birth, and health information. TRPN offered free credit monitoring services to impacted individuals.