Privacy Briefs: December 2023

By Jane Anderson

Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates (PJ&A) that affected nearly 9 million patient records in multiple states overall. According to PJ&A’s cyber incident notice, an unauthorized party gained access to the company’s network between March 27 and May 2 “and, during that time, acquired copies of certain files from PJ&A systems.”[1] The transcription company determined that the files involved contained personal health information that potentially included names, dates of birth, addresses, medical record numbers, hospital account numbers, admission diagnoses and dates and times of service. For some individuals, the impacted data may have included Social Security numbers, insurance information and clinical information from medical transcription files, such as laboratory and diagnostic testing results, medications, the name of the treatment facility and the names of health care providers. Cook County Health reported that records of 1.2 million patients were affected by the breach and said it had terminated its relationship with PJ&A upon learning of the data security incident.[2] Northwell Health reportedly may have had more than 3.8 million affected patients.[3]

Truepill, a digital health startup that provides pharmacy fulfillment services for health care organizations, confirmed that hackers accessed the personal data of more than 2.3 million patients. In a data breach notice published on its website, the company said that Postmeds, the parent company behind TruePill, experienced a “cybersecurity incident” that allowed unnamed attackers to gain access to files used for pharmacy management and fulfillment services between Aug. 30 and Sept. 1. The company’s investigation found that the accessed files contained sensitive customer information, including patient names, unspecified demographic information, medication type and the name of the patient’s prescribing physician. Truepill said Social Security numbers were not involved. The company’s website said that Truepill has served more than 3 million patients and delivered 20 million prescriptions since it was founded in 2016. In response to the breach, Truepill said it was enhancing its security protocols and rolling out additional cybersecurity training for employees.[4]

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings