- On Jan 18, 2017, CoPilot Provider Support Services, Inc. announced it detected unauthorized access of one of its databases and notified potentially impacted patients of the security breach.
CoPilot has no evidence any information has been distributed or misused in any way at this time.
The affected database was accessed on October 2015 and included information on approximately 220,000 individuals such as patient names, addresses, health insurers, and Social Security numbers.
Copilot became aware of the incident on December 23, 2015 and immediately launched an investigation into the incident.
After a cybersecurity investigation it was determined no sensitive PHI was accessed by an unauthorized party.
The organization has since issued letters to potentially impacted patients providing resources regarding how to protect themselves in the future, and has enlisted the help of an independent forensic IT firm to monitor its databases.
Ohio State malware infection potentially impacts 4.6K
The Ohio State University campus online periodical published a report regarding a malware infection security breach potentially impacting over 4,600 clients of the Ohio State Veterinary Medical Center at Dublin.
The Veterinary Medical Center alerted clients that the security breach could potentially put their bank account information, credit card numbers, driver’s license numbers, and Social Security numbers at risk, but OSU reported having no evidence that PHI has been viewed or misused.
Additionally, the credit card service provider that the VMC-Dublin uses has not reported any fraudulent activity linked to this incident.
The Ohio State University has since rebuilt the server at its Dublin location and is offering potentially impacted clients a free year of identity theft protection.
“Out of an abundance of caution and respect for our clients, we have contacted all individuals whose personal information was stored on the server,” said OSU spokesman Ben Johnson. “We have improved business and financial transactions, increased training, and taken other steps to improve the security of our institutional data.”
TriHealth software glitch causes billing error impacting 1K
TriHealth recently discovered a software glitch replaced the mailing addresses of 1,126 TriHealth patients with an old address the healthcare organization had previously had on file. This resulted in incorrectly mailed billing statements and other correspondence sent to the former addresses of patients.
TriHealth admitted that since it is unable to confirm whether the billing statements reached patients at their current addresses, TriHealth is notifying patients of the incident.
TriHealth issued the incorrect billing statements, advisory letters, and other letters to affected patients between November 15, 2016 and January 12, 2017.
The mailed items may have contained patient information including patient name, financial charges, payments and adjustments, balance and amount due, and appointment reminders, among other pieces of information.
TriHealth was adamant in assuring patients no sensitive patient information, such as Social Security numbers or credit card numbers, were included in these mailings.
At present, TriHealth reports having no evidence any patient information has been misused by unauthorized personnel. However, TriHealth has offered potentially impacted patients resources to obtain a free credit report annually to monitor credit activity.
TriHealth said it has resolved the software problem and corrected the addresses in its computer system.
Catholic Charities suffers email account hack
On November 29, 2016, Catholic Charities became aware of a potential security breach in which employee email accounts may have been accessed by unauthorized personnel the month prior.
The Baltimore organization currently has no evidence of any misuse of information but said it is contacting potentially impacted individuals out of caution.
The emails may have included information such as names, addresses, phone numbers, insurance identifiers, Catholic Charities ID numbers, as well as diagnostic and treatment information.
The organization is taking care to ensure the security of all PHI and has since taken steps to inform potentially impacted patients, as well as secure the impacted email accounts to prevent further incident.
An investigation by a third-party forensic expert is already underway. Catholic Charities has reset the employee email passwords in the hopes of preventing any more security problems and is reviewing their personal security measures.
Catholic Charities has recommended patients exercise caution when providing personal information to individuals claiming to be associated with their health organization to avoid false claims resulting in identity theft.