Third-Party Data Breach Impacts 271K at Oklahoma Healthcare Administrative, Tech Services Company

December 22, 2022 - Oklahoma-based Avem Health Partners, which provides administrative and technology services to healthcare organizations, notified 271,303 individuals of a healthcare data breach that occurred at 365 Data Centers, a vendor used by a third-party service provider utilized by Avem.

365 Data Centers discovered that an unauthorized party may have accessed information on its servers in May 2022.

“Subsequently, Avem conducted a review of the Avem files that were stored on the 365 Data Centers server,” Avem explained.

“Based on this review, which was completed on October 6, 2022, Avem determined that the files contained patient information, including patient names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and diagnosis and treatment information.”

Avem plans to mail letters to patients whose information was potentially involved in the breach and said it is in the process of evaluating its vendor relationships.

Prairie Lakes Healthcare System Suffers Third-Party Data Breach

Prairie Lakes Healthcare System (PLHS) in South Dakota notified more than 1,000 individuals of a third-party data breach that originated at its collections vendor, Advanced Asset Alliance (AAA) Collections.

AAA discovered that the “incident” occurred between September 5 and 7, 2022, and potentially compromised the data of current and former PLHS and former Glacial Lakes Orthopaedics patients.

The information involved in the breach may have included names, birth dates, addresses, provider and facility names, diagnoses, medical record numbers, payment information, and dates of service.

AAA mailed notification letters to impacted patients in mid-December.

“PLHS is committed to ensuring the security and protection of patient information within its control and is working with AAA to prevent a similar event from occurring in the future,” PLHS stated.

“PLHS understands the inconvenience or concern that this matter may cause and encourages affected individuals to remain vigilant, monitor accounts, and immediately report any suspicious activity or suspected misuse of personal information.”

Work Health Solutions Notifies Patients of Email Breach

Work Health Solutions (WHS), an occupational health services company, disclosed a data breach that occurred when an unauthorized party accessed an email account between February 16 and March 24, 2022. The breach impacted more than 13,000 individuals.

WHS conducted an investigation that determined that the email account may have contained files and folders with protected health information (PHI), such as health insurance information, medical information, Social Security numbers, driver’s license numbers, and full names.

WHS said it had not received any reports of information being misused as a direct result of the incident.

“At WHS, protecting the privacy of personal information is a top priority. WHS is committed to maintaining the privacy of information pertaining to its service recipients and have taken many precautions to safeguard it,” the notice stated.

“WHS continually evaluates and modifies its practices to enhance the security and privacy of its service recipients’ information, including the education and counseling of its workforce regarding service recipient privacy matters.”