Latest Reported Breaches Impact Small, Mid-Sized Healthcare Organizations

July 06, 2023 - The latest string of reported healthcare data breaches impacted small and mid-sized healthcare organizations. Two of the three breaches mentioned below occurred in 2022.

Community Research Foundation Notifies HHS of October 2022 Breach

San Diego, California-based Community Research Foundation (CRF) notified more than 30,000 individuals of a data breach that occurred in October 2022. Following the discovery of suspicious activity on October 13, CRF launched an investigation and engaged an external cybersecurity team.

CRF determined that an unauthorized actor had accessed files and data stored within its systems, including names, Social Security numbers, medical treatment information, dates of birth, driver’s license numbers, and health insurance information.

“The privacy and protection of personal and protected health information is our top priority, and CRF deeply regrets any inconvenience or concern this incident may cause,” CRF stated.

CRF notified impacted individuals of the breach on June 28, months after it occurred.

ARx Patient Solutions Notifies Patients of 2022 Breach

ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, notified 41,195 individuals of a data breach that resulted from a compromised employee email account.

In March 2022, ARx discovered the incident and disabled the email account. Following an investigation, ARx determined that personal information was contained in the account, including names, dates of birth, Social Security numbers, health insurance information, and medical information.

“We deeply regret any concern or inconvenience this incident may cause. ARx Patient Solutions strengthened our systems and security protocols for our employees, patients and customers by implementing extended detection and response (XDR) and threat monitoring systems, proactive vulnerability management programs, active systems scanning, policy additions, and significant investments in the Security Operations department,” ARx stated.

PA Senior Living Provider Suffers Breach

The Williamsport Home, a Pennsylvania-based senior living provider, disclosed a breach that occurred in April 2023. Williamsport Home discovered suspicious activity within its systems on April 24, 2023 and promptly launched an investigation.

The Williamsport Home team worked to contain the incident, implement further technical safeguards, and bring impacted systems back online in a timely manner. The investigation is ongoing, but Williamsport Home has found evidence that unauthorized actors accessed some internal systems used for business operations.

“There is no evidence that any software systems used directly for resident care were impacted,” the notice stated. “There has been no impact on the care and services provided to those who reside at the three facilities and our staff continues to provide the highest level of care and services.”

The information impacted by the incident may have included names, admission and discharge dates, diagnosis and treatment information, Social Security numbers, financial account numbers, and other medical information.

“These are general categories of information that we believe may be present within the affected systems and may have been accessed by the unauthorized actor during the incident. However, specific individuals and the extent of the information accessed are not yet known,” Williamsport Home added.