Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Aesto Health notifies OCR of data security incident

Aesto, LLC, doing business as Aesto Health, notified, on 20 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 17,400 individuals. In particular, Aesto Health stated that some of its internal IT systems had experienced a data security incident involving patients' personal information, and that it had immediately proceeded to secure its systems and launch an investigation.

In light of the investigation, Aesto Health explained that an unauthorised actor had obtained access to its internal systems from 25 December 2021 to 8 March 2022, and copied some files stored in Aesto Health's systems. Aesto Health further noted that the files stored in its systems contained the following information: patients' names, dates of birth, physician names, and report findings related to radiology imaging.

Lastly, Aesto Health stated that, after the discovery of the incident, it had notified individuals whose information was involved, implemented additional security measures to protect and monitor its systems, and established a dedicated call center to answer questions relating to this incident.

You can read the notice here and access details on the OCR portal here.