Digital Forensics Dispatch

Three Health Care Service Providers Hit by Data Breaches

April 19, 2022

In a recent post on the HIPAAJournal.com, Steve Adler highlighted three different data breaches recently experienced by health care providers, the effects on both organizations and patients, and what those organizations are doing about the incidents.

The first breach covered in the article was that of New Jersey Brain and Spine, or NJBS. Back in mid-November 2021, NJBS experienced an attack that encrypted data on its networked systems. The company quickly engaged a digital forensic firm to assist in mitigating and investigating the incident.

While there was no direct evidence located to prove access to sensitive patient data, the investigation did eventually reveal that data such as names, dates of birth, email addresses, telephone numbers, credit card numbers and even SSNs would have been available and could have been accessed by the bad actors.

The NJBS breach was reported potentially to affect over 90,000 people. Additional security measures, such as two factor authentication and additional system monitoring have been put in place.

The other two incidents occurred at Highmark Inc., a non-profit healthcare company and Dialyze Direct, a provider of kidney care services. The data that was exposed from Highmark was apparently in the possession of a marketing company Highmark used for printing and mailing services. This should obviously serve as a good reminder to vet any vendor that has access to your data.

The two breaches reported affected over 67,000 and 14,000 additional patients respectively. Both companies have been offering identity/credit monitoring services to customers that were involved.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics