Tallahassee Memorial Provides Healthcare Data Breach Notice

Following a February 2023 healthcare data breach that caused Tallahassee Memorial HealthCare to divert EMS patients and take its IT systems offline, the health system reported the breach to HHS.

Tallahassee Memorial HealthCare (TMH) provided a healthcare data breach notice to HHS following a February breach. The incident impacted 20,376 individuals in total.

As previously reported, TMH began responding to an IT security issue in early February by taking its IT systems offline as a precaution. TMH diverted some EMS patients and rescheduled all non-emergency surgical and outpatient procedures as it continued to deal with the incident.

In a March 31 update, TMH determined that an unauthorized party had accessed its network and obtained certain files between January 26 and February 2, 2023.

The information involved in the incident included names, Social Security numbers, dates of birth, medical record numbers, limited treatment information, patient account numbers, and health insurance information.

“As a dedicated, community-based health care provider for nearly 75 years, TMH cares deeply about our community and the patients we serve,” TMH stated. “We take this incident very seriously and want to assure patients that we are continually enhancing the security of our electronic systems and the data we maintain to help prevent events such as this from occurring in the future.”

Southwest Healthcare Services Suffers Breach

Southwest Healthcare Services in southwest North Dakota and northwest South Dakota reported a breach that occurred in October 2022. Southwest discovered on January 31, 2023, that some files may have been accessed or acquired by an unauthorized party for two days in October.

The files contained names, addresses, medical record numbers, dates of birth, driver’s license numbers, health insurance information, and clinician and treatment information. Some patients potentially also had their Social Security numbers, payment information, and financial account information impacted.

Southwest said it had no evidence that any of the compromised information had been or will be misused for identity theft. The practice began notifying impacted individuals of the breach on March 31.

Southwest also said that it would continually evaluate and modify its security and privacy controls.

Arizona Liver Health Reports Breach

Arizona Liver Health (ALH), also known as the Institute for Liver Health II and Arizona Clinical Trials, notified individuals of a recent healthcare data breach.

On January 30, law enforcement informed ALH that “ALH was named in a part of the internet used by criminals as an entity whose information may have been taken by a criminal,” the notice stated.

ALH launched an investigation, which revealed that an unauthorized party had gained access to its systems for a limited period of time and obtained files.

The compromised information potentially included dates of birth, financial account numbers, diagnoses, lab results, medication and treatment information, and some driver’s license numbers.

“The notification from law enforcement prompted us to commence an investigation, which included retaining a specialized cyber firm,” ALH noted. “We also took certain administrative and technical precautions to prevent this type of incident from happening again. ALH is also notifying relevant regulatory authorities, as required.”

Next Steps

Dig Deeper on Healthcare data breaches