Hawaii Skilled Nursing Facility Notifies 20K of Healthcare Data Breach

March 07, 2023 - Aloha Nursing Rehab Centre, a skilled nursing facility in Kaneohe, Hawaii, notified 20,016 patients of a recent healthcare data breach that occurred around early July 2022.

On December 28, 2022, Aloha Nursing Rehab Centre first discovered that an authorized party accessed several electronic records in its systems. Upon discovery of the breach, the skilled nursing facility engaged cybersecurity experts to investigate and identify what personal information was impacted.

After an extensive forensic investigation and manual document review, Aloha Nursing Rehab Centre learned that “one or more of the files accessed by the unauthorized party on or about July 8, 2022, contained personal information pertaining to a limited number of individuals, such as full names, dates of birth, Social Security numbers, financial account information, driver’s license or state identification numbers, medical record and/or patient account numbers, health information, and health insurance information.”

Although Aloha Nursing Rehab Centre said it has no evidence that any information involved in the incident has been misused, out of an abundance of caution, they have notified patients whose information may have been included in the files accessed by the unauthorized party.

“Aloha Nursing Rehab Centre is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” the organization wrote. “For individuals who have questions or need additional information regarding this incident, or to determine if they are impacted and are eligible for credit monitoring.”

Kansas-based Mental Healthcare Org Suffers Data Breach

Compass Behavioral Health disclosed a data security incident to HHS that involved the protected health information (PHI) of 1,064 patients accidentally being exposed.

According to a notice on its website, suspicious activity within its email environment led the Kansas-based mental healthcare organization to engage a specialized third-party vendor to conduct a cyber forensic investigation.

Upon further investigation, it was discovered that an unauthorized user had accessed a restricted number of files in the employee OneDrive accounts and an email account, potentially leading to the compromise of PHI.

On February 14th, the external expert uncovered a spreadsheet containing Compass's incident reports, which documented procedure breaches, injuries, accidents, and unusual events, had been accessed.

The file contained names, addresses, dates of birth, dates of death, treatment location, medical record numbers, information related to medical incidents, limited medical information, and medication information. In this event, investigators found no evidence that Social Security numbers or any other financial information were compromised.

Compass recommended that patients “remain vigilant, monitor your accounts, and immediately report any suspicious activity or suspected misuse of your personal information.”

Texas Orthopaedics & Sports Medicine Discovers Third-Party Breach

Texas Orthopaedics & Sports Medicine notified 537 individuals of a third-party data breach involving some patient information.

“On November 28, 2022, we became aware of suspicious activity relating to our internal information systems,” a notification on its website indicated. “In response, we engaged outside forensics and data security specialists to investigate the nature and scope of the activity.”

Further investigation revealed that between November 22, 2022, and November 29, 2022, a third party took information from the organization’s internal information systems, including date of birth, diagnosis information, disability information, driver’s license number, health insurance group/plan number, health insurance information, health insurance policy number, medical history information.

Since its investigation, no evidence has suggested any information was misused. 

After being made aware of the occurrence, Texas Orthopaedics & Sports Medicine took measures to secure the environment by modifying all system passwords. In addition, they informed all relevant regulatory bodies, including HHS.

To prevent similar incidents in the future, Texas Orthopaedics & Sports Medicine will be implementing additional security measures. Additionally, as a precautionary measure, the organization provides affected individuals with complimentary credit monitoring and identity protection services.