Vitra Home Care, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Vitra Home Care, LLC, a Massachusetts-based healthcare provider, experienced a data breach due to a phishing attack that compromised an employee’s email account. The breach was discovered on December 8, 2022, and occurred on December 6, 2022. Vitra Health, Inc. and Vitra Home Care, LLC (collectively referred to as “Vitra”) took immediate action to prevent further unauthorized access by disabling the compromised email account and changing the credentials. They also confirmed that no other email accounts were breached and initiated an internal investigation[4].

Vitra engaged a professional forensic investigator and a security and data privacy consultant to assist with the investigation. The compromised email account contained various types of Protected Health Information (PHI), including names, addresses, dates of birth, phone numbers, referral information, diagnoses, and Health Plan ID numbers. However, the breach did not include Social Security numbers, driver’s licenses, or credit or debit card information[4].

In response to the breach, Vitra expanded its email security, implemented new technical safeguards, and provided additional privacy and security training to its staff. They are also conducting a comprehensive review of their operations and IT systems and have retained outside assistance to perform a HIPAA risk assessment[4].

Vitra has not reported any specific information regarding the impact of the breach on affected individuals. However, they have advised Massachusetts residents of their right to obtain a police report if they are victims of identity theft and have provided resources for placing a security freeze on credit reports[4].

The breach affected 658 Massachusetts residents, as reported in the State data breach browser[10][15].

Citations:

  1. https://www.mass.gov/doc/assigned-data-breach-number-29245-vitra-health-inc/download
  2. https://www.mass.gov/doc/data-breach-report-2023/download
  3. https://cases.stretto.com/public/X070/10255/PLEADINGS/1025508302180000000010.pdf
  4. https://info.vitrahealth.com/hubfs/Vitra_Breach_June-22-2023.pdf
  5. https://www.virtahealth.com
  6. https://hacknotice.com
  7. https://www.mass.gov/lists/data-breach-notification-letters-march-2023
  8. https://www.careinhomes.com/Attleboro-MA?page=1
  9. https://www.town.canton.ma.us/DocumentCenter/View/4076/19-005W-Water-Transmission-Main-Bid-Documents
  10. https://breachdata.topwords.me/states/MA
  11. https://www.scribd.com/document/418195974/2019-Home-Care-Alliance-and-Foundation-for-Home-Health-Annual-Report
  12. https://www.classaction.org/media/ma-data-breach-report.pdf
  13. https://www.annualreports.com/HostedData/AnnualReportArchive/c/LSE_GLO.L_2017.pdf
  14. https://vitrahealth.com
  15. https://breachdata.topwords.me/hipaa?limit=20&offset=260&sort=entity_name
  16. https://colevannote.com/investigations/
Breach Submission Date Jun 22, 2023
Converted Entity Name Vitra Home Care, LLC
Converted Entity Type Business Associate
State MA
Individuals Affected 658
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes