Data Breach Exposes Medical Records of Western Connecticut Health Network Patients

Nuvance Health has started getting in touch with certain Western Connecticut Health Network (WCHN) patients to make them aware that some of their protected health information has been exposed.

On June 11, 2019, WCHN sent a box of medical records to the Connecticut State Department of Public Health. The package was sent using the U.S. Postal Service (USPS), but the package was harmed while on the move, exposing the contents of the package.

WCHN was made aware and retrieved the damaged package from the USPS. A representative for WCHN said there was nothing to suggest that any information had been taken and misused and that the package did not appear to have left the custody of the USPS until it was picked up by WCHN personnel.

WCHN has now amended its procedures for sharing protected health information to make sure other incidents like this are prevented in the future. Patients were alerted on August 19, 2019.

The range of information in the records was restricted to names, addresses, dates of birth, provider names, medical record numbers, diagnosis dates, diagnoses and medical test results.

This took place at the same time that Arizona State University (ASU) began notifying around 4,000 students that their email addresses, and in some instances their name, have been impermissibly shared due to a recent mailing mistake.

The students were issued emails in late July about renewing their health insurance policy. The email addresses should have been removed but were visible to other students who were sent the mailing.

When the mistake was noticed, ASU erased 2,540 of the messages and said 1,130 messages had not been seen.

ASU is reconsidering its policies and procedures and will take steps to stop incidents such as this from happening going forward.

Author: Maria Perez