The Michigan-based group health plan broker and consultancy firm Manquen Vance – formerly Cornerstone Municipal Advisory Group – is alerting 7,018 individuals about a potential breach of their personal and health information.
An investigation was launched on November 16, 2020 when the firm identified suspicious activity in the email account of an employee. Manquen Vance determined that the account was accessed by unauthorized individuals between November 1 and 16. No other email accounts were compromised.
While it is possible that emails and attachments containing sensitive information were viewed or copied, no specific evidence was found to suggest that was the case. The delay in issuing notifications was due to the time-consuming process of checking every email in the account for sensitive information. That process was completed on February 2, 2021 and confirmed that members’ names, health insurance information, and Social Security numbers had potentially been compromised. Manquen Vance has since taken steps to improve email security to prevent similar breaches in the future.
DNF Medical Centers Fires Employee for Diverting Blood Samples to Unauthorized Laboratory
DNF Medical Centers in Florida is notifying 846 individuals about a breach of their protected health information. On February 18, 2021 it was discovered that an employee was diverting patients’ blood samples to an unauthorized laboratory for testing, instead of LabCorp or Quest.
Patient data sheets were sent with the blood samples which included patient names, addresses, dates of birth, phone numbers, healthcare provider name, and the last 4 digits of Social Security numbers. DNF Medical Centers reports that the laboratory conducted medical tests as requested and returned the results; however, since this was an unauthorized lab, DNF Medical Centers is concerned about the reliability of the results. As such, affected patients have been notified and have been asked to re-do their blood tests at no cost.
An investigation was launched into the incident and the employee was interviewed and subsequently terminated. DNF Medical Centers does not believe any personal information has been misused or further disclosed and that the samples were sent to the lab for the requested medical tests to be performed to allow the laboratory to bill patients’ health insurers for the tests.
PHI Compromised in Peak Vista Community Health Break In
On March 7, 2021, thieves broke into one of Peak Vista Community Health facilities in Colorado Springs and stole computer equipment. On March 31, 2021, Peak Vista determined that two of the stolen computers contained patient information including names, dates of birth, phone numbers, medical record numbers, medication lists, and diagnosis information.
The break-in has been reported to law enforcement, but the equipment has not been recovered. While it is possible that the thieves accessed information on the devices, no evidence of actual or attempted misuse of patient information has been identified. Peak Vista Community Health said only a very small portion of its patients were affected and all have now been notified by mail.
The post Manquen Vance Email Breach Impacts 7,018 Patients appeared first on HIPAA Journal.