SuperCare Health Data Breach Impacts 318K

April 07, 2022 - Update 4/14 - Since the date of publication, OCR's data breach portal was updated to reflect a breach at Christie Business Holdings Company that impacted 502,869 individuals, making it the largest reported breach in March. 

SuperCare Health in California posted a notice on its website regarding a healthcare data breach that impacted 318,379 individuals. The incident was the fourth largest reported breach on the Office for Civil Rights (OCR) data breach portal in 2022 to date, and the largest reported breach in March.

On July 27, 2021, the respiratory care provider discovered suspicious activity on its systems. SuperCare said it immediately took action to contain the incident and restore and secure its network.

Further investigation revealed that an unauthorized actor had accessed systems on SuperCare’s network between July 23 and July 27.

By February 2022, SuperCare determined that names, addresses, health insurance information, medical record numbers, birth dates, patient account numbers, claim information, treatment information, and hospital or medical group information were involved in the incident. A small number of Social Security numbers and driver’s license numbers were also involved.

“On March 25, 2022, we notified individuals whose information was involved in the incident,” SuperCare stated.

“In addition, we implemented additional security measures to protect our digital environment and minimize the likelihood of future incidents. We also reported the incident to the Federal Bureau of Investigation and will cooperate to help identify and prosecute those responsible.”

Update on CSI Laboratories Data Breach

As previously reported, Cytometry Specialists, also known as CSI Laboratories, suffered a cyberattack in February that disrupted the cancer testing lab’s information systems.

OCR’s data breach portal provided additional information about the incident and reported that it had impacted 312,000 individuals, making it the fifth-largest reported healthcare data breach of the year to date, just behind SuperCare Health.

On February 25, CSI learned that an unauthorized actor acquired files from its systems containing limited patient information, including names, birth dates, medical record numbers, health insurance information, and case numbers.

“We have engaged a well-known forensic investigation firm to identify the scope of the incident and assist using with securing our systems and data,” CSI Laboratories stated in a notice on its website.

“We have carefully brought our systems back online and we continue to closely monitor our network and information systems for unusual activity. We will continue to further improve security across our company networks and protect from unauthorized access or similar criminal activity in the future.”

Englewood Health Faces Healthcare Data Breach

New Jersey-based Englewood Health posted a notice on its website informing patients of a healthcare data breach that impacted nearly 4,000 individuals.

On February 14, 2022, Englewood Health learned that an employee’s username and password had been compromised.

As a result, an unauthorized actor gained access to names, birth dates, and limited health information. The unauthorized party only had access to patient information for about 40 minutes before the intrusion was discovered and they were locked out.

Englewood Health said it already notified all impacted individuals and offered them free credit monitoring services.

“Englewood Health takes the security of its patients’ personal information seriously. The affected data was identified expeditiously, and we worked quickly to ensure that the affected systems were remediated and secured,” the notice explained.

“Englewood Health has since upgraded its physical, administrative, and technical network controls to further protect against unauthorized access.”