Houston Health Department Suffers Healthcare Data Breach

February 28, 2022 - The Houston Health Department suffered a data breach on its COVID-19 test results portal. Approximately 3,500 portal users may have had access to 10,000 COVID-19 test results.

The results included the addresses, names, birth dates, email addresses, test results, and testing dates of other patients. The Houston Health Department attributed the data breach to a technical issue in the portal that accidentally lined some accounts together. The incident did not involve hacking.

After discovering the incident on January 6, the health department deactivated the portal within 48 hours. The department also began sending letters to impacted individuals offering free identity protection services.

The department is committed to safeguarding patient privacy and deeply regrets this incident and any inconvenience it may cause,” the Houston Health Department said.

“Additional processes have been implemented to ensure this incident does not reoccur.”

The department also said that it had no reason to believe that any data was misused due to the breach.

EPIC Pharmacy Network Suffers Phishing Attack Impacting 29K

EPIC Pharmacy Network, a buying group of over 1,500 independently owned pharmacies across the US, suffered a phishing attack that impacted 28,776 individuals.

According to a notice on its website, EPIC Pharmacy Network discovered that a phishing attack resulted in unauthorized access to two employee email accounts.

It is unclear when EPIC Pharmacy Network discovered the incident, but it occurred on August 19, 2021, and the organization finished its forensic investigation on December 22, 2021. The pharmacy network began notifying patients on February 8. Under HIPAA, covered entities are required to notify patients within 60 days of discovering the breach.

The phishing attack resulted in the potential exposure of names, birth dates, and medical treatment and prescription information.

“EPIC Pharmacy Network is committed to maintaining the privacy of information in its possession and has taken many precautions to safeguard it,” the notice stated.

“Since the incident, we have worked with our information technology managed services providers to implement additional security measures in an effort to prevent a similar event from occurring in the future.”

EPIC Pharmacy Network said it had no evidence that data was misused or stolen during the attack.

MI Physical Therapy Practice Data Breach Impacts 15K

Michigan-based Alliance Physical Therapy Group (APTG) suffered a hacking incident on December 27, 2021, impacting 14,970 individuals. On January 7, 2022, APTG discovered that some protected health information (PHI) may have been subject to unauthorized access.

An unauthorized individual may have accessed Social Security numbers, birth dates, health insurance information, medical information, and driver’s license numbers.

Although APTG said it was unaware of any misuse of the information, it is offering free credit monitoring and identity protection services to impacted individuals.

“APTG takes the security of information entrusted to it seriously,” the practice’s notice said.

“As part of APTG’s ongoing commitment to the security of information within its care, APTG is reviewing its existing policies and procedures regarding cybersecurity and implementing additional measures and safeguards to protect against this type of incident in the future.”