Alex - stock.adobe.com

CA Hospital Notifies Patients of Healthcare Data Breach

An unauthorized party accessed San Gorgonio Memorial Hospital’s network and copied some files, resulting in a healthcare data breach.

San Gorgonio Memorial Hospital in Banning, California notified patients of a recent healthcare data breach. The hospital discovered that an unauthorized party had gained access to its network between October 29 and November 10, 2022. The unauthorized party copied some documents on the hospital’s system during that time.

The documents contained names, addresses, medical record numbers, visit ID numbers, health insurance information, clinical information, and dates of birth. The investigation is ongoing, but the hospital said it would update patients if it discovered that any additional information was involved in the incident, such as financial account information or government-issued ID numbers.

Upon discovery of the breach on November 10, San Gorgonio Memorial Hospital said it immediately initiated its incident response protocols and isolated select systems. The hospital encouraged patients to review statements they receive from their healthcare providers and insurers.

Acuity Brands Discovers 2 Data Security Incidents

Acuity Brands, a lighting and building management solutions company, disclosed two unrelated breaches that impacted employee health plan information. The Georgia-based company discovered that an unauthorized party had accessed its systems and copied a subset of files from its network between December 7 and 8, 2021.

During its investigation, Acuity also discovered that an unauthorized party had accessed its network between October 6 and 7, 2020, and attempted to copy certain files from its network.

“Acuity conducted a review of the files from both incidents. The review identified that they contained personal information for current and former employees and members of Acuity's health plan,” the notice stated.

“Our investigation concluded that only employee data was involved and sensitive customer data was not impacted.”

The December 2021 incident involved names, enrollment and claims information, Social Security numbers, and health information related to employment at Acuity, such as injury information related to workers compensation claims.

Similarly, the October 2020 incident potentially included names, Social Security numbers, financial account information, and health information.

Acuity said it enhanced its security protocols in light of the discovery.

Maryland Senior Living Community Suffers Breach

Blakehurst, a senior living community in Towson, Maryland, notified current and former employees and patients of a data security incident. Blakehurst said it first discovered unusual activity within its email environment in February 2022.

Further investigation revealed that an unauthorized party may have accessed some employee email accounts and viewed information pertaining to current and former employees and individuals who received services at Blakehurst.

The information involved in the incident potentially included names, Social Security numbers, medical information, health insurance information, driver’s license numbers, dates of birth, and financial account numbers.

Despite discovering the incident in February, Blakehurst began notifying impacted individuals of the incident on December 6.

“The privacy and protection of personal and protected health information is the top priority for Blakehurst,” the notice concluded. “We deeply regret any inconvenience or concern this incident caused.”

Next Steps

Dig Deeper on Healthcare data breaches