"Redwood Coast Regional Center, a Ukiah, CA-based social services organization that provides services and support to children and adults with developmental disabilities, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected at least 500 individuals. 500 is a placeholder commonly used when reporting a data breach to OCR to meet the 60-day reporting deadline of the HIPAA Breach Notification Rule when the total number of affected individuals is yet to be established.
Unusual activity was detected within its computer network on March 6, 2024, and assisted by third-party cybersecurity specialists, it was determined that there was unauthorized access to its network, including files containing patient data. The types of data accessed or obtained in the attack varied from individual to individual and may have included names in combination with one or more of the following: address, phone number, email address, date of birth, Social Security Number, driver’s license/state ID number, financial account information, treatment/diagnosis information, prescription information, provider name, medical record/case number, Medicare/Medicaid ID number, health insurance information, and/or treatment cost information."
swidup
commented
2 weeks ago
https://www.hipaajournal.com/singing-river-health-system-895000-breach/
"Redwood Coast Regional Center, a Ukiah, CA-based social services organization that provides services and support to children and adults with developmental disabilities, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected at least 500 individuals. 500 is a placeholder commonly used when reporting a data breach to OCR to meet the 60-day reporting deadline of the HIPAA Breach Notification Rule when the total number of affected individuals is yet to be established.
Unusual activity was detected within its computer network on March 6, 2024, and assisted by third-party cybersecurity specialists, it was determined that there was unauthorized access to its network, including files containing patient data. The types of data accessed or obtained in the attack varied from individual to individual and may have included names in combination with one or more of the following: address, phone number, email address, date of birth, Social Security Number, driver’s license/state ID number, financial account information, treatment/diagnosis information, prescription information, provider name, medical record/case number, Medicare/Medicaid ID number, health insurance information, and/or treatment cost information."