USA: Henderson & Walton Women's Center notifies OCR of data security incident
Henderson & Walton Women's Center ('HWWC'), P.C. notified, on 23 August 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 34,306 individuals. In particular, HWWC stated that it had suffered a cyber attack and an unauthorised third party had gained access to the email account of one of its employees. In light of the investigation carried out, HWWC explained that the data breach confirmed that the attacker had not gained access to the email server and that the breach was confined to the email account of one employee, whilst further noting that the incident may have resulted in unauthorised access to patients' personal information, which included names, dates of birth, social security numbers, medical information, health insurance information, driver's licence numbers, and state ID numbers.
Lastly, HWWC stated that, after the discovery of the incident, it had notified individuals whose information was involved, and that it had implemented additional security measures to protect and monitor its systems.