Getty Images

Latest Healthcare Data Breaches Have Varying Impacts on Health Data

The latest string of healthcare data breach notifications includes breaches at a New York police union, a California post-acute care facility, and a Colorado FQHC.

California-based Legacy Post Acute Care notified patients of a data breach that occurred between January 19 and March 3 2022. In September, Legacy Post Acute Care first discovered that an unauthorized party had accessed several employee email accounts during the two-month period.

The email accounts contained patient names, Social Security numbers, treatment information, health insurance information, financial information, prescription information, and patient account and medical record numbers.

Legacy Post Acute Care said it was not aware of any identity fraud or misuse of information relating to the incident.

“We are committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” the notice stated.

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of personal information.”

NY Police Detectives’ Endowment Association Breach Impacts 21K

The Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department City of New York (NYCDEA) disclosed a breach to HHS and submitted a notice to the Maine Attorney General’s Office detailing a 2021 breach that involved protected health information (PHI). More than 21,000 individuals were impacted by the breach.

“Upon discovering the suspicious activity, the NYCDEA moved as quickly as we reasonably could,” the notice explained.

“However, it took us considerable time to determine what information was impacted and who was potentially affected.”

According to the notice, NYCDEA detected suspicious activity within its email environment in December 2021. Despite discovering the incident last year, the investigation into the impacts of the breach did not conclude until October 3, 2022.

The information involved in the incident varied by individual, but may have included names, addresses, financial account numbers, medical history, health insurance information, usernames and passwords, dates of birth, and driver’s license numbers.

NYCDEA said it did not have evidence that any information had been misused. The association offered impacted individuals 12 months of credit monitoring and identity theft protection services.

Colorado FQHC Discloses Breach

Colorado-based Salud Family Health, a Federal Qualified Health Center (FQHC), disclosed a healthcare data breach that it discovered in September.

Further investigation revealed that Salud suffered unauthorized access on September 5 and that “certain data may have been accessed or taken.”

“Salud's investigation determined that some employee and patient personal and protected health information was potentially subject to unauthorized access,” the notice stated.

Salud said it immediately took additional steps to protect sensitive information and confirm the security of its systems.

“While Salud had policies and procedures in place at the time of incident regarding security of information, Salud is reviewing and enhancing those policies and procedures to further protect against similar incidents moving forward,” the notice continued.

Next Steps

Dig Deeper on Healthcare data breaches