Healthcare Information Security

Latest Health Data Breaches News

12K Affected in ShopRite Supermarkets Data Security Incident

Recent data security incidents that may have involved medical information include an inadvertent device disposal and an unencrypted email.

data security incident stems from inadvertent device disposal

Source: Thinkstock

By Elizabeth Snell

- ShopRite Supermarkets, Inc. announced that the Kingston, New York ShopRite experienced a data security incident that potentially put personal and medical information of customers at risk.

A pharmacy device that captured signatures was inadvertently disposed of in February 2016, according to a statement posted to the ShopRite website. Any customers who picked up a prescription at the Kingston location between 2005 and 2016 signed on the device to confirm acknowledgement of the ShopRite privacy policy and, if applicable, to confirm payment to their insurance provider.

Information that may have been involved includes names, phone numbers, dates of birth, prescription numbers, medication names, dates and times of pick-up or delivery, signatures, and zip codes.

OCR states on its data breach reporting tool that 12,172 individuals may have been impacted.

“Our team is taking steps to prevent recurrence of similar incidents, including providing supplemental privacy and security training for pharmacy staff and strengthening our security policies relating to the appropriate removal of data from, and disposal of, computers and devices,” ShopRite said. “We sincerely regret any inconvenience or concern caused by this incident.”

There is no reason to believe that the information has been misused in any way, the organization added. Even so, ShopRite recommended that customers regularly review their health plan’s explanation of benefits statements and closely monitor their financial accounts.

Unencrypted email reported by N.C. DHHS

The North Carolina Department of Health and Human Services (DHHS) said in an online statement that a spreadsheet containing personal information for approximately 6,000 individuals was sent in an unencrypted email to a vendor.

The email was sent in error, and contained information from routine drug screenings for DHHS employment, intern and volunteer opportunities. DHHS said it learned of the security incident on September 27, 2017, launched an investigation, and immediately contacted the vendor to delete the information.

The spreadsheet contained names, Social Security numbers and test results.

“Protecting the privacy and security of job applicants is a top priority of DHHS,” the statement read. “The department has reviewed proper procedures with employees and is continuing to review its internal processes to ensure the correct handling of data moving forward and to help avoid a similar occurrence in the future.”

DHHS added that it cannot determine that the email was not intercepted, but that there is a low chance of the information being misused.

Unauthorized access at FL YMCA creates data security concerns

YMCA of Central Florida (YMCA) learned on October 24, 2017 that an unauthorized individual gained access to several YMCA employee email accounts.

YMCA immediately disabled the compromised accounts and changed the account passwords, according to an online statement. Not all organization patrons were affected, with “only some program registrants” potentially being impacted.

An investigation revealed that the email accounts may have contained patrons’ names, financial account numbers, and payment card numbers. Social Security numbers, driver’s license or other government issued identification numbers, passports, health information, and health insurance numbers may have been included in “some instances,” YMCA said.

The organization added that there is no indication that the information was viewed or used in any way.

Individuals whose Social Security numbers may have been affected will be offered one year of free credit monitoring and identity protection services.

“We sincerely regret that this incident occurred and apologize for any inconvenience or concern this may cause,” YMCA stated. “To help prevent an incident like this from happening in the future, we are providing our employees with additional privacy training and education.”

YMCA did not specify how many individuals were potentially impacted by the incident. 

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks