Digital Health Company Suffers Breach, 103K Impacted
Kannact disclosed a breach to HHS that stemmed from unauthorized access to its network and impacted 103,547 individuals.
Source: Getty Images
By Jill McKeon
- Digital health company Kannact disclosed a breach to HHS that impacted 103,547 individuals. According to a breach notice posted on the company’s website, Kannact discovered that an unauthorized party had gained access to its network on March 13.
Kannact launched an investigation and engaged a cybersecurity firm. The investigation is ongoing but preliminary results found that names, dates of birth, phone numbers, Social Security numbers, driver’s license numbers, and protected health information (PHI) were potentially exposed. Not all impacted individuals had their Social Security numbers and driver’s license numbers exposed.
“Kannact is committed to ensuring the privacy and security of all personal information in our care,” the company stated. “Since the discovery of the Incident, Kannact has taken and will continue to take steps to mitigate the risk of future issues.”
Kannact has since disabled access to a third-party managed file transfer software and deactivated all related API keys.
Vincera Institute Experiences Ransomware Attack
The Vincera Institute, a center that treats athletes who suffer from core injuries, disclosed a data breach that resulted from a ransomware attack in April 2023.
The institute submitted four breach notifications to HHS, under the Vincera Imaging, Vincera Rehab, Vincera Surgery Center, and Vincera Core Physicians. In total, the notices indicate that 25,000 individuals were impacted.
Vincera Institute has found no evidence of unauthorized access or misuse of data, but noted that names, contact details, Social Security numbers, treatment records, and insurance information may have been exposed.
The organization said it has since implemented enhanced security measures and monitoring systems and is working to identify vulnerabilities and investigate the full scope of the breach.
New Horizons Medical Reports Data Breach
New Horizons Medical, a Massachusetts-based mental health and addiction treatment center, disclosed a breach to the Maine Attorney General’s Office. On April 19, New Horizons learned of potential unauthorized access to its IT systems.
Further investigation revealed that an unauthorized party had gained access to New Horizons systems between February 12 and April 23.
New Horizons later determined that 12,317 individuals were impacted by this incident, which involved patient names, Social Security numbers, addresses, medical record numbers, diagnoses, financial account information, and prescription information.
New Horizons said that it implemented additional safeguards to protect its systems going forward.
