Three-Year Insider Breach Discovered at North Ottawa Community Health System

North Ottawa Community Health System (NOCH) has become aware that a staff member at North Ottawa Community Hospital in Grand Haven, MI, viewed the medical records of patients without authorization over a period of three years.

This issue was brought to the attention of the health system on October 15 by another employee. A review into the alleged inappropriate access was initiated on October 17 and the employee was suspended pending the results of the investigation.

NOCH confirmed on November 25, 2019 that the employee had viewed the medical records of 4,013 patients without any legitimate work reason for doing so between May 2016 and October 2019. There was no obvious pattern to the unauthorized access; patient records appear to have been accessed at random.

No evidence was found to indicate that any patient information was illegally taken. NOCH believes the employee was accessing patient information out of curiosity.

The range of information possibly accessed included names, dates of birth, Social Security numbers, Medicare and Medicaid numbers, health insurance data, and some health information. Any patient whose Social Security number was accessible has been offered free credit monitoring and identity theft protection services for one year.

Additional training on NOCH policies covering medical record access has been given to all staff members, and employee access to patient records has been tightened.

The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights. It is up to OCR to decide if any additional action is taken against the employee over the HIPAA violation.

Cyberattack Forces Closure of Center for Health Care Services’ Computer Systems

The Center for Health Care Services (CHCS) in San Antonio, TX, suffered a cyberattack over the holiday period which forced it to shut down its computer systems.

CHCS provides healthcare services for people with mental health disorders, developmental disabilities, and substance abuse disorders, and operates several walk-in clinics and outreach centers located in San Antonio.

The CHCS IT team found that a single server had been impacted after being warned about the cyberattack by federal officials. The decision was taken to shut down its entire computer system as a precaution. The IT department has begun restoring its computer systems and bringing them back online one by one, starting with the systems at its largest centers. The process is expected to last for several days.

The cyberattack was part of a much bigger attack that began before the holiday period. It is currently unclear how many other groups have been impacted.

Author: Maria Perez