Share this article on:
Data breaches were recently reported by Houston Area Community Services, County of Kings in California, and NYU Langone Health.
Avenue 360 Health and Wellness Reports Breach of Employee Email Accounts
Houston Area Community Services, Inc., doing business as Avenue 360 Health and Wellness, has discovered that an unauthorized person has gained access to certain employees’ email accounts and may have viewed or obtained the information of protected health of 12,186 people.
Avenue 360 Health and Wellness said its investigation determined that email accounts were compromised between January 15, 2021 and April 2, 2021. A third-party vendor that specializes in analyzing security incidents such as this- ci was hired to help with the investigation.
A full review was performed on all emails and attachments in the account. On November 9, 2021, Avenue 360 discovered that the account contained names, medical records numbers, health insurance information, dates of birth, diagnoses, clinical and treatment information, and information about the prescriptions. A limited number of people also had their social security number and/or financial information exposed.
Avenue 360 has not received any reports of misuse or attempted misuse of patient data as a result of the email security breach. Notification letters began being sent to affected individuals on January 5, 2022, and free credit monitoring services were offered to individuals whose social security number was exposed. Email security has since been improved with anti-spam technology and multi-factor authentication.
A web server misconfiguration exposed the COVID-19 data of 16,590 people
Kings County, a political subdivision of the state of California, discovered that a public web server had been misconfigured, resulting in COVID-19 case information being exposed.
The data had been provided to the county public health department by the California Department of Public Health and county health care providers and included names, birth dates, addresses and information related to COVID- 19. The misconfiguration was detected on November 24, 2021, and the issue was fully fixed on December 6, 2021. Investigation revealed that the misconfiguration occurred on February 15, 2021.
Kings County officials said they could not rule out unauthorized access to data during those 10 months, although there is no indication that any of the exposed information has been or will be. misused.
Notification letters began being sent to the 16,590 individuals whose sensitive information was exposed on January 21, 2022. The county believes the limited nature of the data exposed means that individuals are not at risk and do not need to take further action. The county said it was taking steps to ensure COVID-19 information is better protected in the future.
NYU Langone Health notifies 1,123 patients of misshipment incident
NYU Langone Health began notifying 1,123 patients of a vendor misshipment. On or about November 12, 2021, NYU Langone notified patients of the planned relocation of one of its surgical oncologists, who was based in Lake Success, NY.
A third-party provider was used to send the notification letters and reformatted the addresses, which resulted in misalignment of patient names and addresses on the envelopes. As a result, the letters were sent to incorrect addresses. The letters were addressed as “Dear Patient” and did not include any protected health information.
NYU Langone has received assurances from its supplier that policies, procedures and practices have been reviewed and updated to prevent similar misdirected mailings from occurring in the future.