Recent email account breaches at Bassford Remele and Scott County, Iowa, have raised significant concerns regarding the security of protected health information (PHI). Both incidents resulted in unauthorized access to sensitive patient data, prompting immediate investigations and enhanced security measures.
Email Data Stolen from Bassford Remele
The Minneapolis-based law firm, Bassford Remele P.A., reported a data security incident identified on September 4, 2024. The investigation revealed that unauthorized emails were sent from a third-party application masquerading as an employee’s email account.
The breach occured between July 29, 2024, and September 4, 2024. During this period, the unauthorized party copied the contents of the email account. The sensitive data accessed included:
- Names
- Contact information
- Dates of birth
- Medical records
- Diagnosis details
- Treatment information
- Provider names
- Social Security numbers
- Driver’s license numbers
- Financial account information
- Taxpayer information
Bassford Remele has notified affected individuals and is offering complimentary credit monitoring and identity theft protection services. The breach has been reported to the HHS’ Office for Civil Rights, affecting 4,435 individuals.
Scott County Reports Email Account Breach
Scott County, Iowa, confirmed unauthorized access to an employee’s email account, detected on July 11, 2024. The forensic investigation established that unauthorized access occurred between July 10, 2024, and July 12, 2024.
A thorough review completed on December 31, 2024, confirmed the account contained the PHI of 4,336 individuals, including:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- Medical information
- Health insurance information
To mitigate future risks, Scott County is enhancing employee training and updating its data privacy policies.
Birch Medical Identifies Unauthorized Network Access
Birch Medical, a provider of virtual MRI consultation services, detected unauthorized access to its network in September 2024. An investigation revealed that a folder containing patient data had been accessed, although it was unclear if any files were copied.
The potentially accessed data included names and medical information, but Social Security numbers, government-issued IDs, and financial information were not compromised. Birch Medical is implementing additional safeguards and notifying affected patients.
“We are committed to protecting the privacy of our clients,” stated a representative from Bassford Remele.
Both Bassford Remele and Scott County are taking steps to enhance their cybersecurity measures in response to these incidents.
Helpful Reads:
