Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

3 recent healthcare data breaches expose millions to privacy risks

Written by Farah Amod | April 30, 2024

Three major healthcare organizations, Medical Management Resource Group, Prime Healthcare, and AGC Flat Glass North America, Inc., have recently disclosed data breaches, putting the protected health information (PHI) of over 2.5 million individuals at risk. These breaches have raised serious concerns regarding the security of sensitive medical and personal data and the potential consequences for the affected individuals.

 

Medical Management Resource Group

In recent news, Medical Management Resource Group, LLC (MMRG), operating as American Vision Partners, revealed a hacking incident that compromised the protected health information (PHI) of 2,350,236 individuals. 

On November 14, 2023, MMRG detected unauthorized activity within its network and promptly took action to contain the threat. Recognizing the severity of the situation, MMRG engaged a third-party cybersecurity firm to investigate the breach. After thorough analysis, it was confirmed on or around December 6, 2023, that there had indeed been unauthorized access to MMRG's network, resulting in the removal of files containing patient data.

The compromised files contained a wealth of sensitive information, including names, contact details, dates of birth, and medical records such as services received, clinical records, and medications. Additionally, for some individuals, Social Security numbers and health insurance information were also exposed

MMRG is in the process of notifying the 2,350,236 individuals whose PHI was compromised. Recognizing the potential consequences of this breach, MMRG has taken steps to assist those affected. The company is offering complimentary credit monitoring and identity protection services to mitigate the risk of identity theft and financial fraud.

 

Prime Healthcare 

In a separate incident, Prime Healthcare confirmed that the protected health information of 101,135 individuals was compromised in a cyberattack on its business associate, Keenan & Associates, the administrator of its employee benefit health plan. Keenan & Associates detected the breach in late August 2023 and promptly informed Prime Healthcare.

During the period between August 21, 2023, and August 27, 2023, an unauthorized third party gained access to Keenan & Associates' network, compromising sensitive information. The breached data includes names, dates of birth, Social Security numbers, passport numbers, driver's license numbers, health insurance information, and health-related details such as diagnosis and treatment information.

Keenan & Associates has taken responsibility for the breach and is offering all affected individuals complimentary credit monitoring and identity theft protection services for a period of 24 months. This proactive measure minimizes the potential harm caused by unauthorized access to sensitive personal information.

 

AGC Flat Glass North America, Inc

Another incident involves AGC Flat Glass North America, Inc., which recently fell victim to a hacking attack that disrupted its production and shipments. The cyberattack was detected on December 15, 2023, and is under investigation. Preliminary findings indicate that the hackers gained access to parts of AGC Flat Glass North America's system containing the data of members of its Welfare Benefits Plan.

The compromised data includes names, Social Security numbers, driver's license numbers, passport numbers, financial account information, and health insurance plan enrollment details. The Maine Attorney General has been notified of the breach, which impacts 20,415 individuals. The HHS' Office for Civil Rights breach report confirms that the protected health information of 13,079 Welfare Benefits Plan members was compromised.

 

Why it matters

These recent healthcare data breaches exemplify the pressing demand for healthcare organizations to enhance their cybersecurity defenses. It's necessary not only to update systems and enforce security protocols but also to cultivate a mindset of vigilance and awareness throughout the industry. This trend is evidenced by the increasing frequency of breaches reported in the healthcare sector, proving the necessity for healthcare organizations and their business partners to prioritize rigorous security measures. Ultimately, safeguarding patient data isn't just a legal and ethical responsibility – it's about maintaining the fundamental trust that underpins the healthcare industry.