- Health data breaches can occur because of numerous reasons, which is why covered entities and their business associates must have comprehensive training measures and data security measures. All physical safeguards, technical safeguards and administrative safeguards need to properly align to give healthcare organizations the best chance at keeping PHI secure.
S.D. clinic cyber attack affects 13,000 patients
South Dakota-based Siouxland Pain Clinic recently announced that 13,000 individuals were potentially affected by a cyber attack that took place in a server hack between March 26 and April 2. The clinic was first notified of the breach on June 2, according to The Sioux City Journal, and has since “hired a national cyber security firm and beefed up security.”
Patient names, medical information, Social Security numbers and addresses were potentially compromised in the cyber attack, Rapid City attorney Lonnie Braun told the news source. Bank account information was not included as the clinic does not store that data, Braun added.
“We never did prove that any information was taken, but we could not disprove that, either,” Braun explained.
Recovered binders hold info. on 1,600 patients
Prima CARE, P.C. sent data breach notification letters to 1,651 patients after it recovered a binder containing personal information. The documents were found in the pushes in a parking lot on May 25, 2015. Prima said in an announcement on its website that it became aware of the incident on June 4, 2015.
Potentially compromised information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date(s) and certain clinical information. The information was on patients who received care from Prima healthcare providers between 2007 and 2012.
“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”
Prima added that the improper disposal was done without its knowledge or consent, and was in violation of its practices.
“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.
The organization will also review its policies and procedures, according to the statement, and will review its employee training programs to ensure that a similar incident does not happen again.
Unfortunately, documents being found outside a healthcare organization is not a new occurrence. In May, Orlando Health sent data breach notification letters to 68 patients “out of an abundance of caution,” after it was discovered that medical records were discovered in a residential driveway.
"We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.”