Owing Mills, MD-based JEV Plastic Surgery & Medical Aesthetics has started notifying 1,620 patients about a security breach that has exposed some of their protected health information.
Malware was detected which allowed an unauthorized individual to access systems that contained protected health information.
A third-party forensic investigation determined the malware had been installed on April 30, 2021, and allowed its systems to be accessed until June 14, 2021. A comprehensive review of files on the affected systems was conducted to determine whether any patient information had been viewed or acquired. On September 8, 2021, JEV Plastic Surgery confirmed files on the compromised systems contained protected health information such as names, dates of birth, consultation notes, medical histories, and surgical operative notes. JEV Plastic Surgery says it is unaware of any actual or attempted misuse of personal data.
JEV Plastic Surgery is reviewing its policies and procedures and will update them as necessary to improve data security. New internal training protocols have also been implemented to mitigate any risk associated with this event and to better protect against future security breaches.
Bryan Health Discovers Insider Breach Involving PHI of 2,753 Patients
Lincoln, NE-based Bryan Health has discovered an insider breach involving the protected health information of 2,753 patients. In August 2021, an employee was discovered to have accessed the health records of patients when there was no legitimate work-related reason for doing so.
The types of information accessed included names, personal information, and information stored in medical records; however, the access rights of that individual did not permit Social Security numbers or financial information to be viewed.
The unauthorized access occurred in September 2020, but it was not discovered until August 2021. All affected individuals have been notified about the breach by mail and Bryan Health has confirmed that the employee no longer works at Bryan Health
Billing Information of 946 UNC Health Patients Exposed
Chapel Hill, NC-based UNC Health has discovered the billing information of 946 patients may have been viewed by unauthorized individuals.
An internal review of billing fields in its electronic health records was conducted on September 9, 2021. One of the fields in the EHR identifies individuals authorized to view patient billing information, and any individual listed in that field is able to access patients’ billing information. The individuals listed in those fields are usually relatives of a patient or other individuals who have been authorized to access their billing information.
The review identified 946 patients who had an individual included in that field that the health system was unable to confirm was authorized to access billing information. Consequently, it is possible that information such as names, addresses, charges for services, and medical-related information may have been accessed by unauthorized individuals.
No Social Security numbers, financial information, or credit card information was exposed and the affected patients are not believed to be at financial risk. UNC Health said it has cleared and reset the field in its EHR, which will prevent authorized individuals from accessing billing information. Notification letters have been sent to patients along with instructions for re-establishing access to their billing information for named individuals.
Policies have also been changed to limit the number of employees who are authorized to update the field and employees who are permitted to access the field have been retrained. Additional safeguards have also been implemented to prevent similar issues in the future.
The post Malware Infection Discovered by JEV Plastic Surgery & Medical Aesthetics appeared first on HIPAA Journal.