Salusive Health Shuts Doors, Provides Data Breach Notification

May 04, 2022 - Salusive Health, also known as myNurse, posted a notice on its website on April 29 informing patients of a data security incident involving patient information. In the breach notification letter provided to the California Attorney General’s Office, Salusive Health also announced that it would cease clinical operations permanently on May 31.

The organization said that the decision to close was unrelated to the data security incident but did not provide a reason for closing.

The company discovered suspicious activity on its systems on March 7 and later determined that an unauthorized individual had gained access to its systems beginning on March 3. Salusive Health said it immediately began containment and restoration efforts to secure its network.

The exposed information potentially included demographic information, clinical information, and financial information, along with a single individual’s Social Security number.

“It is important to note that, at this time the company has no evidence that information has been shared, posted, or misused as a result of this incident,” the website notice stated.

Salusive Health recommended that impacted individuals review account statements and consider placing security freezes on credit files.

“The company has implemented additional measures to enhance the security of its digital environment in an effort to minimize the likelihood of a similar event from occurring in the future,” the notice continued.

However, the letter provided to the California Attorney General’s Office showed that the company would no longer be operating by the end of May. The single-paragraph announcement appeared in the middle of the breach notification letter, sandwiched between additional data breach information.

“This development is unrelated to the data security incident we experienced and does not affect the care you receive from your medical professional,” the notice explained.

“You’re welcome to keep any vitals monitoring devices you’ve received from myNurse, such as blood pressure monitors or scales. We hope you’ll use these and your experience as a myNurse member to continue building healthy habits and working toward the goals that matter to you.”

NY-Based La Casa de Salud Impacted by Acacia Network Breach

La Casa de Salud, a New York-based community health center, announced that it was impacted by a 2020 data breach at Acacia Network. According to OCR’s data breach portal, about 9,969 individuals connected to La Casa de Salud were impacted by the incident.

As previously reported, an unauthorized individual gained access to employee email accounts for six days in June 2020. However, Acacia only began sending breach notification letters in February 2022.

At the Acacia-affiliated Puerto Rican Organization to Motivate, Enlighten, and Serve Addicts, more than 30,000 individuals were impacted by the breach.

The notification letters for both health centers were identical and noted that clients from the following Acacia programs were impacted: Bronx Accountable Healthcare Network, Bronx Addiction Services Integrated Concepts System, Community Association of Progressive Dominicans, El Regreso, Greenhope Services for Women, La Casa De Salud, Promesa, and United Bronx Parents.

The accounts contained patient Social Security numbers, medical record numbers, birth dates, driver’s license numbers, addresses, financial account numbers, names, Medicare numbers, provider names, treatment information, and prescription information.

Acacia said it had no evidence that any information had been viewed or misused, but it was unable to rule out the possibility.

“Acacia deeply regrets any inconvenience or concern this incident may cause. Acacia continually evaluates and modifies its practices to enhance the security and privacy of clients’ information,” the notice stated.

“To help prevent something like this from happening in the future, Acacia is reinforcing employee training on privacy and security and is instituting additional security measures.”