Jag_cz - stock.adobe.com
Third-Party Data Breach Impacts 119 Pediatric Practices, 2.2M Patients
The healthcare data breach occurred at Connexin Software, a provider of pediatric-specific health IT solutions.
Connexin Software, a company that offers pediatric-specific health IT solutions and operates under the name Office Practicum, notified more than 2.2 million individuals of a healthcare data breach that occurred in August 2022. Nearly 120 pediatric physician practices and practice groups were impacted by the breach.
Connexin provides practice management and electronic medical records software to pediatric physician practice groups, as well as billing services and business analytic tools. In late August, Connexin said it detected a “data anomaly” on its internal network.
Further investigation revealed that an unauthorized party was able to access an offline set of patient data used for troubleshooting and data conversion and subsequently remove some of that data.
“The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all,” Connexin noted.
The exposed data potentially included demographic information, Social Security numbers, treatment information, billing and claims information, and health insurance information. Along with the personal information of pediatric patients, parents, guardians, and guarantors may also have been impacted.
Connexin is providing child identity monitoring services for one year for impacted individuals and has begun mailing notices to impacted patients. Connexin said it has since hardened its systems to prevent future incidents.
CCA Health California Discloses Healthcare Data Breach Impacting 14K
CCA Health California, a health insurance agency, notified 14,631 individuals of a data breach that disrupted the IT systems of the former Vitality Health Plan of California, which is now owned by CCA Health California.
CCA Health California said it first identified the incident in September 2022 and immediately took steps to secure its systems. Further investigation revealed that an unauthorized party had accessed some systems between May and September and removed files.
“All of the specific files that may have been accessed or removed could not be determined, so we could not rule out the possibility that files containing certain CCA Health California member information identified here may have been involved,” the notice explained.
The information may have included birth dates, Social Security numbers, diagnosis and treatment information, demographic information, passport numbers, medical record numbers, lab results, provider names, health insurance information, and prescription information.
“To help prevent something like this from happening again, CCA Health California has enhanced our existing security safeguards, monitoring capabilities and technical measures to further protect and monitor our systems,” CCA Health California stated.
Hope Health Systems Notifies Nearly 10K of Breach
Maryland-based Hope Health Systems notified 9,972 individuals of potential unauthorized access to its servers that occurred in June 2022. Hope Health Systems discovered encrypted files on certain computer systems in June and launched an investigation.
Investigators were unable to rule out unauthorized access to data stored on its systems but did not find any evidence that specific information was actually viewed. Nonetheless, Hope Health Systems notified the potentially impacted individuals of the incident.
The types of information potentially included in the breach consisted of names, Social Security numbers, birth dates, driver’s license numbers, medical information, and health insurance information.
Hope Health Systems encouraged impacted individuals to remain vigilant and review account statements and explanation of benefits forms.