18,500 Patients PHI Exposed After Multiple Email Accounts Were Compromised
Dec14

18,500 Patients PHI Exposed After Multiple Email Accounts Were Compromised

The Detroit-based Henry Ford Health System has issued notifications to almost 18,500 patients that some of their PHI has potentially been seen by an unauthorized person. The PHI breach was discovered on October 3, 2017 when unauthorized access to the email accounts of several members of staff was detected. While protected health information was possible accessed or stolen, the health system’s EHR system was not accessed at any point. All data was restricted to the compromised email accounts. At present it is unclear exactly how access to the email accounts was obtained. Normally, breaches such as this include phishing attacks, where multiple emails are sent to healthcare workers that trick them into disclosing their login details. An internal review into the breach is underway to...

Read More
Accessing Medical Records Without Authorization Leads to Hospital Employee Being Sacked
Dec13

Accessing Medical Records Without Authorization Leads to Hospital Employee Being Sacked

The medical histories of 769 patients at Lowell General Hospital have been accessed by an member of staff without any valid work reason. By accessing the medical records, the member of staff breached the Massachusetts- based hospital policies and violated the privacy of hospital patients. Once the breach was discovered, and completion of the following investigation, the employee was fired. Lowell General Hospital was content that only one person was involved in the theft, and that this was not a widespread issue at the hospital. Patients affected by the security incident have been alerted and a breach notice has been published on the hospital website. Patients have been advised that the types of information accessed by the former member of staff included names, dates of birth, medical...

Read More
Healthcare Worker Stole PHI of 28,000 Health Care Services Patients
Dec12

Healthcare Worker Stole PHI of 28,000 Health Care Services Patients

Private documents holding the PHI of patients have been stolen by a former employee of the Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for patients with intellectual and developmental disabilities. Notifications of the breach have been sent to 28,434 patients who received care at CHCS before the summer of 2016. The breach of PHI was only found on November 7, 2017, but the data theft happened over 17 months ago. The former member of staff was relieved of their position on May 31, 2016, with the data saved to a personal laptop after that, according to a recent CHCS press statement. The breach was found during discovery in a litigation case between the former health care worker and CHCS. No details have been made public...

Read More
Pennsylvania Obs/Gyn Clinic PHI Breached Due to Improper Disposal
Dec11

Pennsylvania Obs/Gyn Clinic PHI Breached Due to Improper Disposal

Paper files from Women’s Health Consultants, an obstetrics and gynecology practice that had centers in South Whitehall Township and Hanover Township, PA  have been dumped at a recycling center in Allentown, Pennsylvania. The files – containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases – seem to have come from the firm which is no longer operating. If it not clear these files came to be dumped at the recycling center as the container where the records were found was not covered by surveillance cameras. The recycling center does have a securely locked recycling container where sensitive documents that have confidential information can be left securely, but that container was not used. The...

Read More

PHI Breach at UAB Medicine Leaves 652 Potentially Exposed

In Birmingham, Alabama, the UAB Medicine Viral Hepatitis Clinic has discovered a breach of patients’ protected health information (PHI) that could have affected up to 652 patients. The group, UAB Medicine, uses flash drives to transfer information from its Fibroscan machine to a computer. Two flash drives were identified discovered as missing on October 25, 2017. The portable storage devices were used to hold a limited amount of PHI in relation to the 652 patients concerned. Information stored on these particular devices included first and last names, gender, birth dates, images and numbers corresponding to test results, medical diagnosis, names of referring doctors, and the dates and times of appointments. In a release,  UAB Medicine has confirmed that no Social Security credentials,...

Read More