A former employee of Main Line Women’s Healthcare in Bryn Mawr, PA, was discovered to be accessing and photographing patient records using a personal cellphone. The investigation into the breach indicates the records of 804 patients of the OB/GYN practice were accessed and photographed.
When the HIPAA violation was detected, the employee was immediately suspended and an internal investigation was launched to determine the extent of the privacy breach and the types of information that had been obtained. The accessed records included patient names, addresses, dates of birth, medical account numbers, insurance providers, treating physicians, medications, and diagnoses.
The employee worked for Main Line Women’s Healthcare between February 7, 2022, and June 14, 2022, and has now been terminated for the HIPAA violation. A spokesperson for Main Line Women’s Healthcare said it was not possible to determine the employee’s motives, nor whether the copied information has been misused or further disclosed. The privacy breach has been reported to law enforcement and Main Line Women’s Healthcare is assisting with the investigation.
The review of the records was completed on September 7, 2022, and notification letters were sent on October 10. The delay in issuing notifications was due to the time taken to obtain up-to-date contact information. Complimentary credit monitoring services have been offered to affected individuals.
Fred Hutchinson Cancer Center, WA – Email Account Breach
Fred Hutchinson Cancer Center in Seattle, WA, formerly known as Seattle Cancer Care Alliance, has discovered an employee email account has been accessed by an unauthorized individual. The incident was detected on March 26, 2022, when suspicious activity was identified in the email account. The email account was immediately secured, and a forensic investigation was launched to determine the nature and scope of the breach.
Fred Hutchinson Cancer Center discovered on April 18, 2022, that the email account had been accessed by an unauthorized individual between March 25 and March 26, 2022. A document review team was then assembled to review all information in the account and determine how many individuals had been affected and the types of information that may have been accessed. That process concluded on September 9, 2022, and now that up-to-date contact information has been obtained, notification letters are being sent. The types of information exposed varied from patient to patient and may have included name, address, Social Security number, financial account information, medical information, and/or health insurance information. Fred Hutchinson Cancer Center said it is unaware of any misuse of patient information.
Any individual who had their Social Security or government identification number exposed will be entitled to sign up for complimentary credit monitoring and identity theft protection services for 12 months. The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Seton Medical Center Harker Heights – Phishing Attack
HH Killeen Health System, which operates Seton Medical Center Harker Heights in Texas, has started notifying 15,056 patients that some of their protected health information has been exposed and potentially obtained by unauthorized individuals.
The breach occurred at a vendor used by Seton Medical Center Harker Heights. Two employee email accounts were accessed by unauthorized individuals after the employees responded to phishing emails. The accounts were immediately secured to prevent further unauthorized access, and a forensic investigation was conducted to determine the extent of the breach. According to the notification sent to the Texas Attorney General, the attackers gained access to patients’ names and medical information.
The post Main Line Women’s Healthcare Employee Terminated for Photographing Patient Records appeared first on HIPAA Journal.