PHI Breach at Oklahoma State University Center for Health Sciences

An unauthorized individual has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) network and may have accessed files containing billing details of Medicaid patients.

The security breach was uncovered on November 7, 2017 with access to the network terminated the next day. Third party computer forensics experts were employed to carry out a comprehensive investigation to determine which areas of the network had been accessed, and whether patient health information had been shared or stolen.

The investigation showed that patient health information could possibly have been viewed, although it was not possible to figure out whether patient information had been accessed or stolen. OSUCHS revealed that it has not received conclusive information to show that any patient information has been misused.

All individuals that may have been impacted by the incident have been notified of the breach by mail and told that they should be on the look out for their personal information being misused.

OSUCHS says medical records were not compromised and the breach was kept to names, healthcare supplier names, Medicaid numbers, dates of service, and a minuscule amount of treatment information. Only a single Social Security number was present on the affected server.

This breach has inpsired OSUCHS to conduct a review of security protections and additional safety guards have now been put in place to secure patient information in the future.

This HIPAA breach incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal so it is clear exactly how many individuals have been impacted in the scam.

Author: Maria Perez