Massachusetts based Cambridge Health Alliance (CHA) have been advised, by law enforcement agencies, that the protected health information of some of its clients has been found in the possession of an unauthorized person.
The breach occurred On January 31, 2018, Everett Massachusetts Police Department made CHA aware that files including the PHI of some of its clients had been found in the possession of an person unauthorized to have the data. After being alerted of the violation, CHA completed an internal review into the breach and examined the files.
A minimum of one of the files included PHI related to billing which included details of patients’ names, addresses, dates of birth, Social Security numbers, employer particulars, expenses for healthcare services and discharge information dates. The data referred to 2013 billing.
The breach notice broadcast to affected people by the law firm BakerHostetler on behalf of CHA, stated that the breach affected four people in New Hampshire, all of whom have been provided with free credit monitoring and identity theft protection services through the firm Experian.
While the breach notice reveals that only four peoples were affected, the Boston Globe has revealed that notification letters have been sent to around 2,500 people. The details of the breach are the identical apart from the number of individuals affected.
Revealed in the Boston Globe, CHA representative David Cecere said that the incident is still being reviewed and it is currently unclear how the data came to be stolen. Cecere said it could have been a hack or the data could have mistakenly made public.
Along with the internal review, CHA has retained the services of a computer forensics firm to provide help and attempt to determine exactly how the data was obtained