At a glance.
- Healthcare provider confirms patient data exposure.
- Cyber incident at New Mexico health center.
Healthcare provider confirms patient data exposure nearly fifteen months after attack.
Synergic Healthcare Solutions LLC, a healthcare provider located in the US state of Florida, last month informed the Department of Health and Human Services (HHS) that a cyberincident exposed the data of 258,411 Synergic patients. However, some are wondering why the compromised patients are only learning of the data breach now. The breach is tied to a 2021 ransomware attack impacting Synergic’s associate Fast Track Urgent Care Center, an operator of urgent care clinics. Fast Track says one of its vendors, PracticeMax Inc., discovered an unauthorized individual had gained access to its network in May 2021. It wasn’t until February 2022 that PracticeMax informed the clinic that Fast Track’s customer and patient data may have been compromised, and the data exposure wasn’t confirmed until last month. According to the Health Insurance Portability and Accountability Act (HIPAA), HHS and affected individuals must be notified about patient health information breaches impacting five hundred individuals or more within sixty days of discovery. Though breach investigations can take time, president of privacy and security consulting firm the Marblehead Group Kate Borten says this case seems excessive. Borton told GovInfoSecurity, “It can be difficult to analyze the extent and details of a breach, but the delay in this case seems extreme. Vendors should take PHI potential breaches as seriously as the covered entities having direct relationships with affected patients.” A statement from PracticeMax says the company has reviewed its existing policies and procedures and executed additional security protections to prevent future incidents.
Cyber incident at New Mexico health center.
First Choice Community Healthcare on Monday began notifying patients of a March data breach that exposed their protected health information. Becker Hospital Review reports that the health center, based in the US state of New Mexico, discovered the breach on March 27, and on June 3 First Choice conducted an investigation. Analysis confirmed the compromise of patient information including names, Social Security numbers, birthdates, patient ID numbers, diagnosis and clinical treatment details, and health insurance information. A press release from First Choice says the exact number of impacted patients is unknown at this time.