Healthcare Data Breach At PA Rehab Center Impacts 130K

November 22, 2022 - Pennsylvania-based Gateway Rehabilitation Center notified 130,000 individuals of a data breach that it discovered in June 2022. The nonprofit provides drug and alcohol rehabilitation services to individuals throughout greater Pittsburgh.

On June 13, Gateway Rehab discovered an “incident disrupting access to certain systems” and immediately took steps to secure its systems. Further investigation revealed that the names, birth dates, Social Security numbers, medical information, health insurance information, and financial account information of current and former patients were potentially compromised.

Despite HIPAA’s 60-day notification requirement, Gateway Rehab notified individuals of the breach on November 18.

“Gateway Rehab takes the security of its patient information very seriously and has taken steps to help prevent a similar event from occurring in the future.

Employee Improperly Viewed EHRs at University Medical Center of Southern Nevada

University Medical Center (UMC) of Southern Nevada notified 1,861 individuals of a breach that occurred when a workforce member accessed EHR information without an appropriate reason for doing so.

The incident came to light during a review conducted in September. UMC discovered that the employee had accessed patient records between May 19, 2021 and September 22, 2022. The data accessed potentially included demographic information, clinical information, and insurance information.

“UMC has no evidence that any of the information involved was misused and does not believe the access was an attempt to compromise identities or to seek commercial gain,” the notice to patients stated.

UMC stated that the employee is no longer employed by UMC, and the medical center has implemented additional policies to prevent future incidents, including training and education.

Yakima Neighborhood Health Services Notifies 2.6K of Breach

Washington-based Yakima Neighborhood Health Services (YNHS) notified 2,689 individuals of a data security incident.

“On October 4, 2022, a file containing certain individuals' personal and protected information was inadvertently distributed to one individual,” YNHS explained.

“Upon learning of this accidental disclosure, YNHS took steps to ensure the recipient deleted the file from their possession.”

The file contained names, birth dates, medical treatment locations, and medical record numbers. YNHS said it has no evidence that any information involved in the incident has been misused.

“YNHS has taken steps in response to this incident and has made alterations to its cyber environment to help prevent similar incidents from occurring in the future,” the notice concluded.