Law Firm Suffers Healthcare Data Breach Impacting 40K

July 11, 2023 - Global law firm Orrick, Herrington & Sutcliffe suffered a data breach involving more than 40,000 individuals. The data was originally in the firm’s possession because it was working on a case involving a 2020 security event involving a vision benefits plan. As a result of unauthorized activity on Orrick’s network, the data was breached a second time.

On March 13, 2023, Orrick detected suspicious activity and determined that an unauthorized third party had gained remote access to a portion of its network, including a file share that it used to store certain client files.

Further investigation determined that the unauthorized party obtained files containing names, addresses, birth dates, and Social Security numbers. Orrick said it notified the vision benefits plan of the incident and has since strengthened its security posture.

Delaware Health Net Suffers Experiences Breach

EHR management provider Delaware Health Net (DHN) disclosed a breach that impacted records at Delaware-based Henrietta Johnson Medical Center (HJMC) and other healthcare organizations.

On April 5, DHN experienced a cyber incident that resulted in unauthorized access to certain systems and the copying of some files. The impacted DHN systems may have contained some HJMC patient data, such as names, dates of birth, medical record numbers, lab information, diagnosis codes, and health insurance information.

“The confidentiality, privacy, and security of patient information are among our highest priorities, and we take the DHN event very seriously,” HJMC stated. 

“As part of our ongoing commitment to the security of patient information, we are working to review our existing policies and procedures regarding our third-party vendors, and we continue to pursue information from DHN about its event.”

Partnership Health Center Discloses Data Breach

More than 8,000 individuals were impacted by a data breach at Montana-based Partnership Health Center (PHC) that resulted from an email error.

Specifically, PHC sent a survey via email to ask patients about their experiences at PHC. The surveys were sent to incorrect email addresses, and patients received emails containing other patients’ names and an indication that they had received services at PHC in the past.

“While this error is a breach of privacy that we take very seriously, we want to assure you that no other information about you, including identifying information, medical history, services you have accessed at PHC, or anything else, was shared with the individual who incorrectly received the survey intended for you,” PHC stated.

PHC has since implemented additional training to safeguard patient privacy.

South Suburban Surgical Suites Suffers Phishing Attack

Indiana-based South Suburban Surgical Suites recently discovered that an unauthorized party gained access to a legacy Microsoft Office 365-hosted business email account via phishing.

Further investigation revealed that personal information related to patients was present in the account, including demographic information, Social Security numbers, treatment information, and billing and claims information. Approximately 5,300 individuals were impacted by the breach.

“South Suburban takes privacy and security very seriously. As soon as South Suburban discovered the incident, it immediately took action to prevent any further unauthorized activity, including resetting the user password for the business email account where unauthorized activity was detected and blocking malicious IP addresses and URLs,” South Suburban stated.

“South Suburban has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and it has retired the legacy environment in which the incident occurred.”