Data breaches reported by three Californian healthcare providers

Multiple healthcare providers have reported data breaches, impacting thousands of individuals in California. The incidents involved unauthorized access to sensitive patient information, highlighting ongoing cybersecurity challenges in the healthcare sector.

Vasinda’s Around the Clock Care (ATC Home Care), operating as ATC Home Care in California, is the first healthcare provider to report a significant data breach affecting 3,785 individuals. The breach, discovered on June 18, 2024, stemmed from a computer intrusion that began on January 30, 2024. Unauthorized access to the network continued for almost five months, during which sensitive patient information was compromised, including names, addresses, Social Security numbers, health insurance details, billing and claims information, and various medical records.

ATC Home Care has updated its cybersecurity policies and procedures in response to the breach and is assessing new security tools to mitigate future risks. Affected individuals have been offered complimentary credit monitoring services for 12 months.

Baker Places, a mental health service provider in San Francisco, CA, also reported unauthorized access to an employee’s email account between February 12, 2024, and February 29, 2024. The breach exposed the protected health information of 971 individuals, including Social Security numbers, driver’s license numbers, financial account details, and various medical and treatment records. Although Baker Places stated that the risk of misuse is believed to be low, no specific explanation was provided. As a precaution, affected individuals have been offered credit monitoring and identity theft protection services.

The third victim is Turning Point of Central California, a provider of mental health and social services. It reported a data breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) affecting at least 500 individuals. The breach was identified on May 31, 2024, and a subsequent investigation confirmed unauthorized access to the network, potentially exposing names, addresses, and Social Security numbers. TPOCC is thoroughly reviewing its system security and will implement additional security controls to prevent future incidents. Affected individuals will be offered complimentary credit monitoring and identity theft restoration services.