Healthcare Business Associate Data Breach Impacts 320K

June 14, 2023 - Onix Group, a Kennett Square, Pennsylvania-based company that operates commercial real estate and provides management and consulting services, suffered a ransomware attack that resulted in a healthcare data breach.

The breach impacted 319,500 individuals in total. Onix group notified the impacted individuals on behalf of its affiliates, Addiction Recovery Systems, Cadia Healthcare, Physician's Mobile X-Ray, and Onix Hospitality Group.

Onix discovered the incident on March 27 and immediately took action to secure its systems. Further investigation determined that an unauthorized party had accessed its network for seven days in March, corrupting systems and removing files in the process.

The impacted files included names and Social Security numbers, as well as scheduling, billing, and clinical information regarding care at one of the previously mentioned healthcare facilities. The files also contained information that the company maintained for human resources purposes, such as names, Social Security numbers, health plan enrollment information, and direct deposit information.

“Onix takes the privacy and security of the information in its care very seriously and sincerely regrets any inconvenience this incident may cause,” Onix stated. “To help prevent something like this from happening again, Onix strengthened the security of its systems and will continue enhancing its protocols to safeguard the information in its care.”

Breach At Maimonides Medical Center Impacts 33K

A hacker gained access to Brooklyn, New York-based Maimonides Medical Center’s (MMC) systems in early March, the medical center disclosed in a breach notification.

Specifically, the hacker accessed patient information located on one computer server which contained patient names, addresses, diagnosis and treatment information, and some Social Security numbers.

Further investigation determined that 33,000 individuals were impacted by the breach. MMC sent breach notifications to all impacted individuals and engaged cybersecurity experts to put additional safeguards in place to reduce risk.

IT Services Company Suffers Healthcare Data Breach

iSpace, a global IT services company that specializes in the technology, healthcare, entertainment, and automotive sectors, suffered a breach between January 30 and February 5, 2023. Upon discovery, iSpace launched an investigation, later determining that the breach impacted 24,382 individuals.

An unauthorized actor had accessed and copied files stored within iSpace’s environment. The files included names, Social Security numbers, health insurance policy numbers, diagnoses, prescription information, dates of birth, and subscriber numbers.

“As part of our ongoing commitment to the security of information and prevent future incidents, we have engaged the services of security specialists to assist in examining our existing policies and practices relative to data privacy,” the notice concluded.