NorthBay Healthcare Corporation, a nonprofit healthcare system that operates two hospitals — NorthBay Medical Center -& NorthBay VacaValley Hospital — and multiple primary care locations in California, has recently announced a data breach involving the personal and protected health information of 569,012 individuals.According to the notification sent to the Maine Attorney General, suspicious activity was identified within its network on February 23, 2024. An internal investigation was launched, law enforcement was notified, and third-party cybersecurity experts were engaged to assist with the investigation. The notification letter confirms that a threat actor gained access to its network on January 11, 2024, and the unauthorized access continued until April 1, 2024, more than 6 weeks after the security incident was detected. The notification letter does not explain why it took so long to eject the unauthorized third party from its network.The investigation confirmed that the threat actor had access to files containing patient data. The file review confirmed that the following types of information had been exposed; names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, biometric information, medical information, health insurance information, usernames/passwords, financial account numbers, and credit/debit card numbers, which for some individuals included expiry dates, security codes, and/or PINs.NorthBay Healthcare said it has enhanced its technical safeguards to prevent similar data breaches in the future and has offered the affected individuals a one-year membership to a credit monitoring and identity theft protection service. Individual notification letters were mailed to the affected individuals on January 29, 2024, more than 11 months after the breach was detected. NorthBay Healthcare said it does not believe the exposed data has been misused for identity theft or fraud. Given the sensitivity of the exposed data, it is strongly advisable to take advantage of the services being offered and to carefully check accounts and explanation of benefits statements going back to January 2024 for possible misuse of personal data.Benefits Management Group, Inc.——————————-Benefits Management Group, Inc. (BMGI), an Oak Brook, IL-based business management consultancy firm and employee benefits administrator, has announced a security incident that was detected on November 26, 2024. Assisted by third-party cybersecurity experts, BMGI determined that its network had been accessed by an unauthorized third party that likely copied files from its network on November 8, 2024.The review of the exposed files is ongoing, and it has yet to be determined exactly how many individuals have been affected. The breach report has been submitted to the HHS’ Office for Civil Rights with an interim figure of 501 affected individuals. The total will be updated when the file review concludes. BMGI said the information likely compromised in the incident includes names, addresses, dates of birth, and Social Security numbers.The post [NorthBay Healthcare Notifies 569K Individuals About February 2024 Data Breach](https://www.hipaajournal.com/northbay-healthcare-data-breach/) appeared first on [The HIPAA Journal](https://www.hipaajournal.com).
Related Tags:
NAICS: 622 – Hospitals
Blog: Hipaa Journal
File and Directory Discovery
Data from Local System
Associated Indicators: