Alabama Cardiovascular Group filed a report with HHS confirming that more than 280,000 individuals were affected by a healthcare data breach. On July 2, 2024, ACG discovered unauthorized activity on its computer network.
However, further investigation revealed that the unauthorized parties had maintained access to the network for nearly a month between June 6 and July 2, 2024. ACG immediately cut off access when it discovered the incident, but not before the unauthorized parties obtained personal information.
The affected information varied by person but could have included names, phone numbers, demographic information, Social Security numbers, email addresses, usernames and passwords, and health insurance claims information. For some individuals, passport or driver’s license numbers, credit card information and bank account information might have been involved in the breach.
ACG engaged law enforcement, temporarily disconnected the ACG network from the internet and reset user passwords to prevent future incidents.
Affected individuals are entitled to 24 months of identity theft protection services.
Kootenai Health discloses data breach
Aside from ACG, another 2024 data breach was disclosed, this time at Kootenai Health in Coeur d’Alene, Idaho. Kootenai Health and its subsidiaries, Kootenai Clinic, Kootenai Outpatient Surgery and Kootenai Outpatient Imaging suffered a breach in February 2024.
According to an August 12 notice to consumers, Kootenai Health discovered unusual activity on its IT systems on March 2, 2024. Further investigation with the help of cybersecurity experts determined that an unknown party gained access to certain data from the Kootenai Health network on February 22, 2024.
Kootenai Health then engaged in a comprehensive investigation of the affected data, which concluded on August 1, 2024.
The information involved in the breach included names, dates of birth, medical treatment information, diagnoses, medication information, driver’s license numbers, Social Security numbers, medical record numbers and health insurance information.
“Kootenai Health takes the security and privacy of personal information in its possession very seriously and is taking additional steps to prevent a similar event from occurring in the future,” the notice stated.
“Thankfully, the incident had no impact on Kootenai Health’s operations or ability to serve patients and the community.”
Kootenai Health said it was not aware of any misuse of personal information stemming from this breach at the time of publication.
Fraser Child and Family Center suffers data breach
Fraser Child and Family Center in Minnesota notified 67,000 individuals of a healthcare data breach. On June 2, 2024, Fraser discovered suspicious network activity and immediately launched an investigation.
Fraser later determined that an unauthorized party had accessed and potentially copied certain files on its systems between May 30 and June 2, 2024.
While the review of affected data is ongoing, Fraser said that the categories of information affected might include names, medical information, addresses, dates of birth and Social Security numbers.
Fraser encouraged individuals who received the breach notice to monitor accounts and remain vigilant against instances of identity theft and fraud.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.