Data Security Incident Exposes PHI For Over 1K Zomo Health Members
In addition to Zomo Health’s recent data security incident, Northern California Fertility Medical Center reported a recent healthcare data breach.
Healthcare software company Zomo Health disclosed a data security incident to HHS that involved the protected health information (PHI) of 1,359 individuals accidentally being exposed.
According to a notice on its website, Zomo Health became aware of a spreadsheet containing plan member information that was inadvertently made accessible through its website on August 5, 2022.
The investigation concluded that the spreadsheet was accessible on the internet between January 15, 2022, and August 5, 2022.
The impacted information potentially included names, dates of birth, Social Security numbers, health plan information, work addresses, phone numbers, email addresses, and information regarding participation in health plan incentives.
“The file was made accessible through human error and was not due to intentional or malicious action,” the notice stated.
After discovering the error, Zomo Health stated it immediately took the file off the website and secured its contents.
“As a result of this incident, we have remediated the process vulnerability that led to the error and engaged an external security company to enhance the security of our technology systems on an ongoing basis,” Zomo Health said.
The investigators have not found evidence that any information has been accessed or stolen, but out of an absence of caution, Zomo Health is mailing letters to impacted individuals.
“We are also providing resources involved individuals can use to help protect their information, including complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were involved in this incident.
Fertility Clinic Experiences Third-Party Data Breach
Northern California Fertility Medical Center (NCFMC) informed an undisclosed number of individuals of a third-party data breach involving some patient information.
On September 23, 2022, NCFMC stated it recently learned that an unauthorized party had accessed the company’s network and attempted to encrypt some of the data.
NCFMC was able to shut off all access to the network immediately and engage specialized third-party forensic resources to secure its environment.
Once the environment was secure, a comprehensive investigation was immediately initiated into the cause and extent of the unauthorized activity.
“Data privacy is among NCFMC’s highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information in our care,” the report stated. “Upon detecting this incident, we moved quickly to initiate our incident response, which included fully securing and remediating our network and the data that we maintain.”
Since its investigation, there has been no evidence to suggest any information was misused. However, the patients’ names, the status of an ultrasound performed at NCFMC, and cryopreserved tissue stored at NCFMC may have been exposed during the breach.
In this event, investigators found no evidence that Social Security numbers, credit card numbers, or medical records were compromised.