Seattle Health Center Discovers Additional Data Stolen During June Breach

In early 2022, Sea Mar Community Health Centers discovered that threat actors had stolen more data than previously thought during a June 2021 breach.

By Jill McKeon

Sea Mar Community Health Centers (SMCHC) in Seattle informed its patients that threat actors had exfiltrated more data than previously thought during a June 2021 data breach.

As previously reported, SMCHC suffered a data breach that impacted 688,000 individuals. On June 24, 2021, the health center discovered that an unauthorized actor had copied data from its network. Further investigation revealed that the actor had been copying data undetected between December 2020 and March 2021.

Some patient names, addresses, Social Security numbers, birth dates, medical, vision, and dental treatment information, insurance information, and images associated with dental treatment may have been involved in the incident.

Sea Mar initially said it was not aware of any misuse of protected health information as a result of this incident. In its most recent update, SMCHC said that it learned new information about the data breach.

“In January and March 2022, Sea Mar learned of additional data that may have been copied from its digital environment, and, upon review, identified that such data contained personal and protected health information,” the notice stated.

“The additional data contained the following personal and protected health information: Name, date of birth, and, in some cases, Social Security number and/or driver's license information.”

It is unclear whether the new information impacted more than the originally reported number of victims.

As of February 2022, SMCHC was facing a class-action lawsuit over its handling of the breach. The lawsuit alleged that SMCHC was negligent and violated Washington consumer protection laws.

Clinic of North Texas Breach Impacts 244K

The Clinic of North Texas (CNT) recently faced a data breach that impacted 244,174 individuals, making it the fifth largest reported data breach of 2022 at the time of publication.

On November 9, 2021, CNT discovered that it had fallen victim to a cyberattack that resulted in unauthorized access to patient information. Although CNT had no evidence of misuse, the unauthorized actor did access a folder containing names, birth dates, addresses, and limited health information.

“CNT takes the security of patient information very seriously, and has taken steps to prevent a similar event from occurring in the future,” the notice stated.

“Since the incident, CNT changed all administrator passwords, implemented two-factor authentication and deployed end point detection and response and threat hunting tools to ensure that its information technology environment is secure.”

CNT said it would provide free credit monitoring, dark web monitoring, and identity theft protection services to all potentially impacted individuals.

Email Compromise Results in Data Breach at Thomas Allen

Thomas Allen, a social services organization that provides a variety of services to individuals with disabilities, fell victim to a data breach in June 2021 that impacted just over 2,800 individuals.

According to a notice posted on its website, Thomas Allen discovered that several employee email accounts had been compromised and immediately engaged a third-party forensics firm.

Further investigation could not rule out the possibility that information stored in the accounts was subject to unauthorized access.

“Thomas Allen hired another firm to review the thousands of emails in the impacted mailboxes to determine if and what sensitive information may have been exposed,” the notice explained.

“The investigation revealed that there was sensitive data in the impacted accounts. Therefore, out of an abundance of caution, Thomas Allen is providing notice to all individuals and employees whose information may have been compromised.”

The unauthorized actor potentially had access to names, Social Security numbers, driver’s license numbers, emails, birth dates, phone numbers, addresses, health insurance numbers, and medical information.