Louisiana Health System Notifies 270K of Healthcare Data Breach

January 03, 2023 - In late December, Louisiana-based Lake Charles Memorial Health System (LCMHS) began notifying 269,752 individuals of a healthcare data breach. According to the notice, the breach occurred between October 20 and 21.

On October 25, LCMHS discovered that an unauthorized party had gained access to its network. The health system immediately notified law enforcement and launched an investigation into the incident.

The investigation determined that the unauthorized third party had accessed and potentially obtained certain files containing patient names, addresses, identification numbers, health insurance information, payment information, dates of birth, and clinical information. Some Social Security numbers were also impacted, but the breach did not impact LCMHS’ electronic medical record system.

“LCMH deeply regrets any concern this incident may cause our patients,” the notice stated. “We take this matter very seriously and are continuing to take steps to enhance the security of our systems and the information we maintain to help prevent something like this from happening again.”

Florida FQHC Suffers Breach, 14K Impacted

FoundCare, a nonprofit Federally Qualified Health Center (FQHC) in Florida, notified 14,194 individuals of a data security incident that impacted patient information.

On September 2, 2022, FoundCare discovered suspicious activity in its email environment. Further investigation determined that an unauthorized party had gained access to a limited number of FoundCare email accounts and potentially viewed personal information contained in the accounts.

The email accounts contained names, email addresses, Social Security numbers, credit card numbers, birth dates, passport numbers, medical conditions, diagnoses, health insurance policy numbers, and health plan beneficiary numbers. However, most individuals only had limited information impacted, the notice stressed.

“The security and privacy of individual’s information contained within FoundCare’s systems is a top priority, and FoundCare is taking additional measures to protect this information,” FoundCare noted.

“Since the incident, FoundCare has continued to strengthen its security posture by adding the following security controls: Turning on Multi Factor Authentication (“MFA”) for all users of FoundCare.org; blocking all basic authentication methods for FoundCare.org users; turned on Outlook security feature which provides message stating: ‘You don’t often get email from XXXX’ when receiving an email from a new address; reviewed all firewalls to ensure no unregulated access; continuous phishing awareness training to all staff.”

FoundCare encouraged impacted individuals to register for free credit monitoring and identity theft protection services.

Midwest Orthopaedic Consultants Suffers Breach

Midwest Orthopaedic Consultants (MOC) in Illinois notified 6,818 of a breach that occurred in late September. After learning that an unauthorized party may have gained access to its network and encrypted files, MOC launched an internal investigation and restored its files from backups immediately.

MOC later determined that the unauthorized party had acquired certain documents containing sensitive information, including names, dates of birth, diagnosis and treatment information, addresses, Social Security numbers, driver’s license numbers, and health insurance information.

MOC began notifying patients of the breach on December 22 and offered free identity theft protection services for individuals whose Social Security numbers or driver’s license numbers were involved.

“MOC takes its responsibility to safeguard personal information seriously and apologizes for any inconvenience this incident might cause,” the notice concluded. “MOC is enhancing its technical security measures to help prevent an incident like this from happening again.”