Sunday notes: Welldyne, North Alabama Bone & Joint Clinic disclose breaches affecting patient data
A Sunday two-fer on health data breaches:
WellDyneRx, LLC (“WellDyne”) issued a press release on May 6 concerning an incident they first detected on December 2. The Florida-headquartered pharmacy benefits service provider’s investigation discovered that there was unauthorized access to an email account between October 30, 2021, and November 11, 2021.
“Although there is no evidence that individually-identifiable information contained within the email account was accessed or taken by an unauthorized party, WellDyne cannot rule out this possibility,” they write, disclosing that the types of data may vary by individual but might include name, date of birth, Social Security number, driver’s license number, treatment information, health insurance information, contact information, prescription information, and other medical/health information.
Read their full press release at Yahoo!
North Alabama Bone & Joint Clinic, P.C. (“NABJC”) also issued a press release about an incident impacting patient data. On March 9, 2022, they became aware of suspicious activity in the network. While the investigation is still ongoing, they have already confirmed that some employee email accounts had been accessed without authorization on March 9.
At this point they have not sent any notification letters but will be sending letters once they figure out who may have potentially been affected. They report that they anticipate that the types of information will vary by individual but may include name, contact information, financial information, date of birth, family information, medical record number, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information.
Read their preliminary notice (pdf).