Denton, Texas-based Integrity Transitional Hospital has notified patients, many of whom are children, that some of their protected health information has potentially been viewed and copied by an unauthorized individual who managed to gain access to one of its computer systems.
A network intrusion was discovered on August 15, 2016 after suspicious network activity was identified. Rapid action was taken to shut down access and prevent the exfiltration of data. A third party computer forensics company was contracted to conduct a thorough investigation of the hospital’s systems to determine the extent to which its network had been compromised and which, if any patient data has been viewed or copied by the attackers. The investigation revealed a system used to store laboratory data had been compromised.
Integrity Transitional Hospital provides laboratory services for a number of healthcare organizations. Those services involve receiving specimens and arranging for samples to be sent to laboratories for testing. As part of those services, Integrity Transitional Hospital maintains a record of the services provided for billing purposes. Details of the test results are also stored in its systems.
The data potentially accessed by the attackers include patients’ names, lab test results, lab testing information, health insurance information, and scanned driver’s licenses. No financial information or Social Security numbers are stored in the system that was compromised in the recent attack. It is unclear whether the attackers managed to copy or view any sensitive data, but the possibility of ePHI compromise could not be ruled out.
In order to prevent future breaches of laboratory information, system security has been enhanced. All patients whose data were exposed have been offered complimentary membership to Experian’s ProtectMyID service. Children affected by the breach are being offered identity theft protection services with Experian’s Family Secure service.
The breach has been reported to state and federal authorities, although it is unclear at this moment in time exactly how many individuals have been affected by the incident.