Piedmont Cancer Institute (PCI) in Atlanta, GA is notifying 5,226 patients that some of their protected health information may have been viewed or obtained by an unauthorized individual who gained access to the email account of one of its employees.
Assisted by a third-party cybersecurity firm, PCI determined the email account was compromised for more than a month, with the unauthorized individual first accessing the account on April 5, 2020. The account was secured on May 8, 2020.
A review of the compromised account concluded on August 8, 2020 and revealed it contained a variety of protected health information. In addition to names, affected patients had one or more of the following data elements exposed: date of birth, medical information such as diagnosis and treatment information, financial account information, and/or credit/debit card number.
To prevent further breaches, PCI has implemented multi-factor authentication on its email accounts and has provided further training to the workforce on email security.
Potential Data Breach Discovered by McLaren Oakland Hospital
McLaren Oakland Hospital in Pontiac, MI has discovered the protected health information of 2,219 patients has been exposed and may have been accessed by unauthorized individuals.
On July 10, 2020, McLaren Oakland became aware that a computer desktop file contained an unauthorized and unsecure link to a file containing the protected health information of current and former patients.
No evidence was found to indicate any of the PHI in the file had been viewed by unauthorized individuals and no reports have been received indicating any misuse of patient information. Affected individuals have been advised to monitor their accounts and credit reports for any sign of misuse of their information as a precaution. Affected individuals have also been offered complimentary membership to identity theft protection and monitoring services.
Upon discovery of the PHI exposure, the link was disabled. The investigation revealed the link had been inadvertently rendered insecure by an employee. McLaren Oakland has reviewed its policies and procedures with staff and additional training on patient privacy and data security has been provided to employees.
Patient Records Stolen from Edmonds, WA Health and Wellness Clinic
The Health and Wellness Clinic in Edmonds, WA, a provider of “natural medicine and physical care solutions,” has suffered a break-in in which patient records were stolen.
A storage room located off the massage suite at the clinic and had a locked external door which was forced open by a burglar over the weekend of August 29-30. The room appeared to have been searched, papers had been removed from some of the files, and a box of files was discovered to be missing. The stolen records contained information such as names, dates of birth, Social Security numbers, health histories, and treatment information.
The break-in was reported to the police department which conducted an investigation that has resulted in the identification of a suspect and the box of stolen records has now been recovered. It is currently unclear how many records were taken from the clinic.
The post Piedmont Cancer Institute Phishing Attack Impacts 5,000 Patients appeared first on HIPAA Journal.