A medical group in Texas is facing a potential healthcare data breach that may have exposed patient and employee information after a hacking incident.
Approximately 50,000 individuals were affected by the healthcare data security event at the Medical Colleagues of Texas, LLP, reported the Houston Chronicle on its website.
In a notice on its website, the Medical Colleagues of Texas, LLP stated that it discovered an outside entity had accessed its computer network, which stored EHR and personnel data. The healthcare system launched an internal investigation and hired an independent forensic expert to examine and secure the network.
Medical Colleagues of Texas, LLP found that employee and patient information, such as names, addresses, Social Security numbers, and health insurance information, may have been accessed by an unauthorized party.
Following the possible data breach, the healthcare system notified affected individuals via mail and established a call center to address any questions or concerns about the incident. It has also offered free credit monitoring services for impacted patients.
“In addition, since this event was discovered, we have taken steps to prevent this type of event from happening again, including updating our computer network, strengthening our firewalls, and implementing two factor authorization measures for remote access,” explained Medical Colleagues of Texas, LLP in the notice. “We are also providing additional training and strengthening our policies and procedures in regards to the protection of sensitive personal information.”
Theft exposes PHI of incarcerated patients in CA
A potential healthcare data breach has affected some incarcerated patients at the California Correctional Healthcare Services, reported an official press release.
The healthcare organization did not disclose how many individuals were affected by the security incident. However, it confirmed that PHI may have been exposed for patients in the California Department of Corrections and Rehabilitation, who were incarcerated between 1996 and 2014.
The possible PHI breach occurred after an unencrypted work laptop was stolen from an employee’s personal vehicle. California Correctional Healthcare Services reported that the device was password-protected.
Officials are unsure whether sensitive information was contained on the laptop or which patients may have been included in documents on the device. PHI or personally identifiable information that may have been on the laptop included medical, mental health, and custodial information.
Although California Correctional Healthcare Services cannot identify specific individuals, it has attempted to contact each individual whose PHI could have reasonably been contained on the stolen device. It noted that the organization may not have updated contact information for some patients, so it has posted a notice on its website and sent a notification of the event to the media.
“CCHCS [California Correctional Healthcare Services] is committed to protecting the personal information of our patients,” said Director of Communications and Legislation Joyce Hayhoe in the press release. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”
Stolen laptop leads to data security incident for CA provider
A California-based medical group has recently reported that PHI may have been inappropriately accessed after a burglary in March, according to an official statement.
Imperial Valley Family Care Medical Group stated that a laptop was taken from a physician’s office on March 21. Upon investigation, the medical group found that the laptop contained patient information, such as names, addresses, dates of birth, health information, Social Security numbers, driver’s license information, and California identification card information.
Neither the statement nor the Office of Civil Rights’ data breach portal disclosed how many individuals may have been affected by the potential healthcare data breach.
The statement did confirm that the theft was reported to local law enforcement officials and there has been no evidence that patient information has been misused by an unauthorized party.
In response, Imperial Valley Family Care Medical Group notified affected patients. It also offered complimentary identity theft protection and credit monitoring services for a year to those individuals who may have had their Social Security numbers, driver’s license information, and ID card information exposed by the incident.
As part of the notification, the medical group also included a guide on how to protect one’s identity, which included instructions on how to place a fraud alert on a credit account and manage personal information.
“We understand that this may pose an inconvenience to our patients. We sincerely apologize and regret that this situation has occurred,” wrote Chief Strategic Officer Donald G. Caudill in the notification letter. “Imperial Valley Family Care Medical Group is committed to providing quality care, including protecting personal information, and we want to assure all of our patients that we have policies and procedures to protect their privacy.”
Laptop theft leads to potential PHI breach
On March 17, Blue Ridge Surgery Center learned that an encrypted work laptop was stolen after a break-in occurred at an employee’s home on the same day. The device included PHI for an undisclosed number of patients at the North Carolina-based ambulatory surgery facility.
Blue Ridge Surgery Center investigated the possible healthcare data breach and discovered that the password was with the stolen device when it was taken. The laptop also may have contained emails that included patient names, addresses, treatment information, healthcare insurance providers, identification numbers, and Social Security numbers, confirmed the surgery facility on its website.
However, the security incident did not affect all patients at the surgery facility, reported the statement.
For individuals who were affected, Blue Ridge Surgery Center mailed notification letters on May 16 and created a call center to answer any questions or comments about the possible healthcare data breach.
Due to the sensitive nature of the information in the laptop, the surgery facility has encouraged affected individuals to monitor healthcare insurance statements and notify the insurer if there are unexplainable charges for medical services.
To prevent future healthcare data breaches, Blue Ridge Surgery Center has provided additional training for employees, specifically on securing passwords for work-related devices.