- On June 16, the Texas Health and Human Services Commission (HHSC) notified patients of a recent potential security breach that may have involved the PHI of 1,842 residents of the Houston area.
The incident was discovered when a box of forms containing patient information was found near an unsecured dumpster outside a Houston eligibility office.
The forms contained personal information such as names, client numbers, dates of birth, case numbers, and phone numbers.
Additionally, mailing addresses, Social Security numbers, health information, and bank account numbers may have been included on the forms.
To minimize damage resulting from the event, the HHSC is offering concerned patients one year of free credit monitoring services.
The agency stated an investigation into the incident is underway and that additional security precautions will be taken to ensure confidential information is protected in the future.
HHSC is currently reviewing its processes and procedures for the disposal of documents containing PHI and making necessary changes.
Cyberattack targets California medical center, exposes PHI
Torrance Memorial Medical Center discovered a potential email security incident on April 20, 2017. A cyberattack granted unauthorized individuals access to two email accounts containing patient PHI, according to an online statement.
The incident likely took place on April 18 and April 19, 2017.
Potentially accessed information included patient names, dates of birth, address information, telephone numbers, medical record numbers, Social Security numbers, health insurance information, and other clinical information.
Upon discovering evidence of the incident, Torrance Memorial launched an investigation with the help of a third-party forensic investigator to assess the nature and scope of the event.
Investigators reported the personal information for certain individuals was present in some of the affected emails. However, authorities stated there exists no evidence suggesting the emails or attachments containing patient information were misused in any way.
Torrance Memorial added that security measures are already in place to protect patient data, but the medical center will be adopting additional safeguards and offering staff training regarding information security protocols.
The incident has been reported to the California Department of Public Health, HHS, and the FBI.
The medical center began notifying potentially impacted individuals of the incident on June 19, 2017.
Additionally, Torrance Memorial will provide concerned patients with free credit monitoring services.
Torrance Memorial did not say in its statment how many patients were impacted by the breach.
Potential ransomware attack hits Iowa health center
On June 14, Waverly Health Center suffered a potential ransomware attack at the hands of unnamed hackers, according to a Radio Iowa report.
Hospital computers reportedly began behaving erratically around 5 pm on the night of the incident.
“By seven o’clock we had disconnected all of our systems, recognizing that we had a significant virus within our entire information systems,” Heidi Solheim told the news source.
The hospital’s “incident reaction team” immediately reacted to the breach to mitigate any possible damage.
“All of our incident command positions started really just taking care of the projects that we needed to do, making sure that patient safety was our number one priority, and determining what types of services we were able to continue offering,” Solheim said.
The hackers threatened that they would not give up control of the hospital’s computers until Waverly Health Center agreed to pay the requested amount of money.
As of June 16, the hospital’s data remained encrypted to bar hackers from accessing any patient information.
“This issue was unusual in that Microsoft had not recognized this virus before,” Solheim explained. “So there really were no safeguards to prevent it from getting in our system.”
Waverly Health Center did not specify how many patients were potentially impacted by the ransomware attack.
Little River Healthcare Center suffers theft involving EHRs
Texas-based Little River Healthcare recently discovered a theft in which a briefcase containing 18 paper charts and a laptop with patient EHRs were stolen from a provider’s locked car.
The incident came to light on May 12, according to a KCEN-TV report.
The stolen patient health records contained information including patient names, dates of birth, dates of service, and medical history.
However, Little River said Social Security numbers, driver’s license numbers, and patient home addresses were not included in the EHRs.
The healthcare organization has notified patients of the breach.
Little River said in a public statement that there is no evidence suggesting the patient information has been accessed or misused by the thieves, but steps are being taken to eliminate the potential for further problems with patient information security.
Additionally, the stolen laptop was password protected and the healthcare organization’s IT department stated the laptop has not been turned on.
The prevailing theory among Little River authorities is that the laptop’s memory was wiped clean by thieves with the intent of resale.
The health center is strengthening staff training regarding the transfer and storage of patient health records.
Little River has not revealed how many patients were potentially impacted by the theft.