UMC Physicians, based in Lubbock, is contacting patients of UMC Southwest Gastroenterology to make them aware that some of their protected health information has been exposed due to errors of judgement by two of its employed providers.
Those suppliers had each set up a Google shared drive which was used to track follow up jobs related to the provision of care to patients. While the shared drives were set up with good aims and were intended to help improve the care given to patients, the providers used an unapproved cloud storage solution and patient data was wrongly stored on an unsecured network.
UMC Physicians found that the policy violation on March 12, 2019 and launched a review to determine which patients’ protected health information had been breached. During the course of that review, UMC Physicians determined that one of the providers had also been forwarding emails including patient information to an unsecured Gmail account.
The sort of information that had been stored on the unsecured network and sent to the Gmail account included names, addresses, telephone numbers, medical record details, dates of birth, dates of service, health insurance providers, diagnoses, and medical procedures carried out. Highly sensitive information such as Social Security numbers, insurance policy numbers, and financial data were not exposed.
As a response to the discovery, UMC Physicians has given additional training to employees on the use of approved cloud storage solutions and technical controls will be put in place to stop unauthorized cloud storage solutions from being used going forward.
No proof has been found to suggest patient information has been viewed by unauthorized individuals nor have any reports been received to suggest there has been misuse of patient information. All patients whose protected health information has been breached have been alerted to the breach by mail.
It is currently not obvious just how many patients have been impacted.