Source 1 | 2022-10-07
“October 07, 2022 - Healthcare software company Zomo Health disclosed a data security incident to HHS that involved the protected health information (PHI) of 1,359 individuals accidentally being exposed. According to a notice on its website, Zomo Health became aware of a spreadsheet containing plan member information that was inadvertently made accessible through its website on August 5, 2022. The investigation concluded that the spreadsheet was accessible on the internet between January 15, 2022, and August 5, 2022. “
“The impacted information potentially included names, dates of birth, Social Security numbers, health plan information, work addresses, phone numbers, email addresses, and information regarding participation in health plan incentives. “The file was made accessible through human error and was not due to intentional or malicious action,” the notice stated. After discovering the error, Zomo Health stated it immediately took the file off the website and secured its contents.“
““As a result of this incident, we have remediated the process vulnerability that led to the error and engaged an external security company to enhance the security of our technology systems on an ongoing basis,” Zomo Health said. The investigators have not found evidence that any information has been accessed or stolen, but out of an absence of caution, Zomo Health is mailing letters to impacted individuals.“
Source 2 | 2022-10-07
“Northern California Fertility Medical Center (NCFMC) informed an undisclosed number of individuals of a third-party data breach involving some patient information. On September 23, 2022, NCFMC stated it recently learned that an unauthorized party had accessed the company’s network and attempted to encrypt some of the data.“
“Once the environment was secure, a comprehensive investigation was immediately initiated into the cause and extent of the unauthorized activity. “Data privacy is among NCFMC’s highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information in our care,” the report stated. “Upon detecting this incident, we moved quickly to initiate our incident response, which included fully securing and remediating our network and the data that we maintain.”“
“Since its investigation, there has been no evidence to suggest any information was misused. However, the patients’ names, the status of an ultrasound performed at NCFMC, and cryopreserved tissue stored at NCFMC may have been exposed during the breach. In this event, investigators found no evidence that Social Security numbers, credit card numbers, or medical records were compromised.“
Cybersecurity for Critical Infrastructure
SecuLore provides Managed Detection and Response (MDR) to protect our nation’s critical infrastructure from cyber threats. Our expertise is built on deep knowledge of 9-1-1 technology, cyberwarfare, and ethical hacking, ensuring the highest level of cybersecurity for public safety agencies.
