AccelHealth entity Cross Timbers Health Clinics was infiltrated by a ransomware attack on December 15 2021 which stopped the Federally Qualified Health Center from logging onto its own databases.
The Brownwood, Texas-based clinic brought in the help of an external cybersecurity firm to review the security breach. This group was able to determine that access to the networks was first obtained by unauthorized individuals on December 9, 2021.
During the time period from December 9-15, network access remained open, allowing the cybercriminals to see or remove files that held PHI. An in-depth review of the network revealed that some sections that were infiltrated held the PHI of some 48,126 individuals. This PHI included names, address info, birth of birth, Social Security specificis, driver’s license details, financial information, health insurance data, medical records, and treatment and diagnosis’ recorded.
During the review, nothing was found to suggest that data may have been removed from the databases and, by the time that the group began sending notification letters, there had been no indication that any actual or attempted improper use of patient data. AccellHealth revealed that enhanced technical security measures are being introduced to avoid any additional cyberattacks from being permitted to take place and those impacted in the breach have been offered free credit monitoring services as a precautionary step.
Meanwhile, Jacksonville-based Pace Center for Girls, a 6-12 education program for at-risk teenage girls, has become aware that some of its databases were accessed by unauthorized individuals who could have viewed or stolen private data of current and former clients.
The security breach was first discovered during the week of December 13, 2021, and the following review confirmed in January 2021 that sections of its databases that held private information had been accessed by the cybercriminals. The data in question included students’ identities, home address details, phone contact details, birth dates, Florida Department of Juvenile Justice identification information, enrollment forms, behavioral health details, and parent/guardian identities.
Pace Center for Girls said an external firm of cybersecurity experts was contracted to assist in securing its network and physical computer access and review the existing data protection and gateway security systems. Enhance measures will be configured, as necessary, to improve security from unauthorized access. Impacted individuals have been warned to inform Experian, Equifax, and TransUnion of the security threat and look out for any suspicious use of their private information.
According to the breach report submitted to HHS’ Office for Civil Rights the breach impacted as many as 18,300 people.