- Preventing healthcare data breaches requires organizations to take numerous factors into account, and ensure that their administrative, physical, and technical safeguards are all working with one another. One lost document, one employee falling for a phishing scheme, or one employee failing to adhere to proper conduct could create a privacy issue. Here is a quick rundown of healthcare data breaches reported last week.
Missing health documents create concern in Florida
The Florida Department of Health allegedly suffered a data breach affecting five patients, according to a News13 report.
A department employee had sensitive documents in his car, which was broken into on March 31. The papers were in a “secured briefcase,” the news source stated, and the health department learned of the incident on April 1.
However, one of the victims claims that he was not notified until May 7. Chris Kibodeaux said he learned last week that his name, Social Security number, address, phone number and diagnosis were included in the stolen documents. Kibodeaux was particularly concerned because he is HIV positive, and does not want that information in someone else’s hands.
"Someone could've definitely had enough time to do what they were going to do, and if there is damage it's already been done," Kibodeaux said. "I'm going to have to pull my credit report and I'm going to have to try to figure out if someone has done something with my name."
News13 reported that the health department is still in the process of notifying all affected patients, and that it will offer identity protection services to those individuals.
Maryland facility reports phishing scheme
Summit Health, Inc. reported to the Maryland Office of the Attorney General that some of its employees had fallen victim to an email phishing scheme. According to a letter sent to the Maryland OAG, Summit learned on Feb. 19 that several employees had responded to the fake emails, believing them to have been legitimate.
“Summit’s investigation determined that responding to the phishing emails may have created an opportunity for unauthorized access to information contained in its self-service system, which is used for employee access to payroll and benefits information,” the letter stated.
Information that was potentially compromised includes employees W-2 wage and tax statements, which contained names, addresses, Social Security numbers, and income information. Data about employees’ spouses, dependents, and beneficiaries - such as names and Social Security numbers - may also have been compromised. Summit added that it is notifying five Maryland residents, and that they will be eligible for a free year of credit monitoring and identity protection services.
“Summit has also taken steps to help prevent something like this from happening in the future, including reinforcing employee education regarding ‘phishing’ emails and enhancing technical safeguards to ensure that sensitive information remains secure,” Summit said in its letter.
Former BCBS employee pleads guilty to ID theft
Former Blue Cross-Blue Shield employee Danielle Wallace pleaded guilty to wire fraud, aggravated identity theft and filing false tax returns, according to a Ledger-Enquirer report. Wallace had been accused of using customers’ personal information to file false tax returns.
US Attorney Michael Moore told the news source that the fraudulent tax documents were filed in Georgia between Jan. 1 and March 24, 2014. Wallace had worked for BCBS by working with customers over the phone. That is how she obtained customers’ personal information, and then used it to file false paperwork through a tax-preparation business, Moore said.