Healthcare Information Security


Malware Attack on BJC Healthcare Breaches Credit Card Data

This week’s breach roundup includes several email hacks and a contractor who used a falsified identity to gain EHR access.


By Jessica Davis

The patient portal of Missouri-based BJC Healthcare was hacked with malware, which potentially intercepted the credit and debit card numbers of 5,850 patients.

According to officials, the breach was discovered on November 19. An investigation was launched and found the malware was uploaded nearly a month earlier on October 25. Payment information entered into the patient portal during that time period could have been intercepted by the hackers.

The breached data included patient names, addresses, dates of birth and billing addresses, along with bank or credit card information of the card holder. No Social Security numbers or medical information was included in the breached data.

Officials increased security controls on the patient portal to better protect against malware following the attack. And all impacted patients have been notified.

Falsified Contractor ID Causes Contra Costa Health Plan Breach

Contra Costa Health Plan recently discovered an individual hired by the organization used a falsified identity to obtain the contractor position. The individual had access to the EHR as part of the role, and that access began on Dec. 1, 2014.

The contractor worked on a series of contracts with CCHP, related to utilization management. Officials were notified that the contractor used falsified documents to obtain the contract on May 22, 2018, and immediately revoked the contract and her access.

During the contracted period, the individual was able to view personal data included in the EHR, from demographic details to medical and prescription drug data. Social Security numbers could have also been accessed.

“CCHP conducted a thorough forensic audit trail, and at the time of this notice there is no current evidence of any improper access, use, or disclosure of your information by the contractor,” officials said in a statement. “Although we have no evidence of actual misuse of any of your information, we are notifying you due to the nature of the current investigation.”

CCHP has been working with California’s Department of Health Care Services, which recommended the breach notification letter out of caution. All patients involved in the incident are being provided one free year of credit monitoring and identity theft services.

According to East Bay Times, the individual was indicted in Michigan’s Eastern District Court on 11 felony charges in April.

Email Hack on CCRM Dallas-Fort Worth Breaches 1,100

CCRM Dallas-Fort Worth is notifying 1,117 patients of a data breach caused by a hack on a former nurse’s email account.

On October 4, officials discovered unauthorized access on the account, after learning some patients received spam email from the account. The practice contacted its IT vendor to deactivate the account and determine what information was impacted.

The investigation determined the hacker could have viewed or accessed patient names, addresses, emails, health data, insurance details, and medical histories from the account. For some patients, Social Security numbers and driver’s license numbers were compromised.

The notice did not explain why the email account was left active when the nurse was no longer employed, nor why the account still contained personal patient data.

