Data Breaches Reported by Ezras Choilim Health Center, Maxillofacial & Implant Surgery, and Battle Mountain General Hospital

by

About 60,000 People Impacted by the Ezras Choilim Health Center Cyberattack

Ezras Choilim Health Center based in Monroe, NY recently submitted a breach report to the HHS’ Office for Civil Rights indicating that 59,861 individuals’ protected health information (PHI) were affected. The strange activity was noticed inside its system on September 18, 2023. The forensic investigation confirmed on November 14, 2023 the attacker’s exfiltration of files from its network. Ezras Choilim Health Center publicly shared the information breach several days later, however, the analysis of the impacted files was still in progress during that time.

The following information was exposed and possibly stolen during the attack: names together with addresses, birth dates, medical data, limited health data, and Social Security numbers. Ezras Choilim Health Center stated that it prioritizes data privacy and security and has taken steps to enhance protection and mitigate the threat of harm. Those steps include establishing a security operations center for checking, discovering, and responding to security risks throughout its data systems and network.

Patient Information of Northern Virginia Oral, Maxillofacial & Implant Surgery Compromised in Cyberattack

Northern Virginia Oral, Maxillofacial & Implant Surgery (NOVA OMS) has advised 5,568 persons (which include 4,333 patients) concerning the compromise of some of their PHI in a cyberattack found on October 5, 2023. According to the third-party forensic investigation, the personal data and PHI were potentially accessed and extracted without permission from October 3, 2023, to October 6, 2023. The impacted files were analyzed at the end of February, and the affected persons already received the notification letters.

The data impacted differed from one person to another and could have included names, health data, medical insurance data, driver’s license numbers, and other sensitive details, the specifics of which are contained in the personal notification letters. Free identity protection services were accessible to the affected people. NOVA OMS mentioned supplemental safety measures were enforced to stop identical occurrences later on.

3,000 Persons Have PHI Breached in Battle Mountain General Hospital Cyberattack

Battle Mountain General Hospital located in Nevada has reported the potential compromise and theft of the personal information and PHI of workers and patients. On January 25, 2024, an unauthorized person used a vulnerability and remotely viewed a staff member’s workstation. The forensic investigation established that the compromised records involved names, dates of birth, addresses, Social Security numbers, medical backgrounds, and treatment details of patients and staff members. Roughly 3,000 persons had their data breached.

Battle Mountain General Hospital CEO, Jason Bleak, said apologies for what has occurred and the stress this occurrence may cause the victims. Though data was compromised, no information was seen that suggests that any of the compromised information was disclosed, publicized, or abused; nonetheless, as a preventative measure, the impacted people were provided free credit monitoring and identity theft protection services.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone