Healthcare Data Breach at GA Cardiology Practice Impacts 71K

October 27, 2022 - On August 15, Ascension St. Vincent’s Coastal Cardiology in Brunswick, Georgia, was alerted to a healthcare data breach involving “recently acquired Ascension St. Vincent’s Coastal Cardiology’s legacy systems including the electronic medical record.”

“No Ascension networks or systems, including the practice’s current electronic medical record, were affected by this incident,” the announcement noted.

The breach impacted 71,227 individuals. The organization said it immediately secured the legacy network, but some information was encrypted by ransomware. Since the data is still encrypted, Ascension St. Vincent’s Coastal Cardiology is currently unable to determine what information was impacted.

“However, the legacy record would have contained individuals’ demographic and health information related to visits at Coastal Cardiology prior to October 5, 2021, including name, address, email address, phone number, and insurance information, as well as Social Security number (if provided), clinical information, and billing and insurance information,” the breach notice stated.

Ascension said it removed access rights to the legacy system, retrained associates, and initiated a security risk assessment.

Country Doctor Community Health Clinic Suffers Breach

Country Doctor Community Health Clinic (CDCHC) notified 38,751 individuals of a healthcare data breach. On January 6, CDCHC discovered unusual activity in its digital environment and immediately took steps to secure the environment.

Further investigation revealed that an unauthorized actor had accessed certain files within its system. The impacted information varies by individual, but may include names, Social Security numbers, dates of birth, addresses, and protected health information (PHI).

Although CDCHC discovered the breach in January, it began notifying impacted individuals of the breach in writing on October 14. The breach impacted patients and employees of CDCHC.

“CDCHC has taken steps in response to this incident and has made alterations to its cyber environment to help prevent similar incidents from occurring in the future,” the notice stated.

Delaware Division of Developmental Disabilities Services Discloses Breach

The Delaware Division of Developmental Disabilities Services (DDDS), a division of the Delaware Department of Health and Social Services, disclosed a healthcare data breach that impacted 7,000 individuals.

In late August, DDDS discovered that it had inadvertently provided access to records during the process of creating new user accounts in the division’s client database.

“As a result of these actions, 159 new users had potential access to service recipients’ personal, identifiable information and protected health information as well as potential access to more detailed information through accessed accounts,” the department told impacted individuals.

Only 12 records were actively accessed, but other users may have “passively viewed” the information, DDDS explained.

Since the incident, DDDS has worked with its software vendor to take corrective measures and institute technology checks on providing access. In addition, the department reviewed and reinforced its HIPAA-related policies and established new guidelines for the creation of user accounts.

“The division will incorporate lessons from this analysis into the design and implementation of its new client data management system scheduled for transition in 2023,” the notice stated.