- On April 24, 2017, Family Tree Health Clinic discovered a ransomware attack potentially affecting PHI stored in its IT system, according to an online statement.
The Pennsylvania health clinic immediately restored its system data using backup to avoid paying a ransom to the offending hackers.
Once the system was restored, Family Tree immediately launched efforts to amend any security vulnerabilities and enlisted the help of local law enforcement and the FBI to conduct an investigation.
Potentially impacted information may have included patient names, dates of birth, addresses, Social Security numbers, health insurance information, and medical information such as claims and diagnosis codes.
According to the OCR data breach reporting tool, the PHI of 13,402 patients may have been affected in the incident.
However, Family Tree has stated no evidence exists suggesting any credit card or banking information was compromised by the ransomware attack.
Additionally, the health clinic stated there is no evidence that any patient information has been misused in any way.
Family Tree has sent data breach notification letters to potentially impacted patients informing them of the incident. Mailed notices also include information regarding steps patients can take to protect their information.
In response to the ransomware attack, the health clinic has set up a free call center to answer any questions concerned patients may have regarding the safety of their information.
Additionally, Family Tree is providing patients with free identity protection services.
Indiana Medicaid patients suffer potential data breach
An internet hyperlink to an Indiana Health Coverage Program (IHCP) report containing patient information was potentially made accessible between February and May of 2017, according to an online statement.
DXC Technology made the discovery on May 10, 2017 and then notified IHCP.
DXC became aware of the security breach and took steps to resolve the issue and notify potentially impacted Indiana Medicaid patients of the incident.
Possibly exposed information included patient names, Medicaid ID numbers, payment amounts, dates of services, provider name, procedure codes, and patient identification numbers.
Presently, DXC stated there is no evidence suggesting any information has been misused in any way.
In response to the event, the technology vendor is offering one free year of credit protection services to all impacted individuals.
Additionally, DXC set up a call center to answer questions potentially impacted patients may have regarding the incident.
DXC has not revealed how many patients were affected in the incident.