"Data Security Incident Exposes PHI For Over 1K Zomo Health Members"

Healthcare software company Zomo Health recently disclosed a data security incident to HHS that involved the protected health information (PHI) of 1,359 individuals accidentally being exposed.  According to Zomo Health, they became aware of a spreadsheet containing plan member information that was inadvertently made accessible through its website on August 5, 2022.  The investigation concluded that the spreadsheet was accessible on the internet between January 15, 2022, and August 5, 2022.  The impacted information potentially included names, dates of birth, Social Security numbers, health plan information, work addresses, phone numbers, email addresses, and information regarding participation in health plan incentives.  The company noted that the file was made accessible through human error and was not due to intentional or malicious action.  The investigators have not found evidence that any information had been accessed or stolen, but out of an absence of caution, Zomo Health is mailing letters to impacted individuals.  Also, recently Northern California Fertility Medical Center (NCFMC) informed an undisclosed number of individuals of a third-party data breach involving some patient information.  On September 23, 2022, NCFMC stated it recently learned that an unauthorized party had accessed the company’s network and attempted to encrypt some of the data.  During the investigation of the incident, no evidence was found that any information was misused.  However, the patients’ names, the status of an ultrasound performed at NCFMC, and cryopreserved tissue stored at NCFMC may have been exposed during the breach.  In this event, investigators found no evidence that Social Security numbers, credit card numbers, or medical records were compromised.

Health IT Security reports: "Data Security Incident Exposes PHI For Over 1K Zomo Health Members"