- Indiana-based Adams Health Network experienced a ransomware attack on January 11, the organization confirmed in an online statement.
CEO Jo Ellen Eidam said that a virus was put on the computer systems but patient care was not interrupted and the quality and safety of patient care did not occur.
“At this point in time we do not believe any patient information has been compromised,” Eidam stated. “We are currently conducting a forensic investigation related to this issue. If we determine patient information has been compromised we will notify all appropriate agencies and patients in a timely manner.”
Adams Memorial Hospital spokesperson Susan Sefton told local news station WANE that the incident was brought to administrators when an employee noticed certain files did not look correct.
Sefton added that the network was slow and went blank before system files simply read “sorry.”
Approximately 60 to 80 patients were impacted when the Berne Outpatient Clinic and three physicians in the network were unable to access patient history or appointment schedules on January 12.
“While AHN did experience a business interruption throughout the weekend as we worked to restore the affected severs, there was never an interruption in patient care,” Adams Health Network said in a released statement. “We are continuing to assess the severity of the situation, but at this time we believe no patient files have been accessed. At no time during this event has the quality and safety of patient care been affected.”
Penn Medicine computer theft impacts 1K patients
An unencrypted laptop computer was stolen from Penn Medicine, which may compromise some patients’ data.
Patient names, dates of birth, medical records and patient account numbers, and some demographic and medical information were included in a file on the device, according to Philly.com.
An organization spokesperson told Becker’s Hospital Review that the laptop was protected with a strong password. There is also currently no evidence that device had been turned on or the data accessed.
The device was reportedly stolen from a car at the King of Prussia Mall parking lot on November 30, 2017.
The OCR data breach reporting tool states that 1,050 individuals may have been affected.
Physician accesses EMR without permission, discloses data
Pedes Orange County, Inc. is sending out notification letters to certain patients that their data may have been compromised after a physician accessed information without permission.
The medical facility said that it works with another medical group to conduct surgical procedures throughout the week and that it shares a scheduling tool with other medical professionals in the building.
“On November 14, 2017, we learned that a physician from another medical group in the facility accessed our Pedes electronic medical records database without permission and disclosed the database materials to their attorney,” explained the notification letter, which was signed by Pedes Orange County Practice Manager Michael Gale. “Since discovering this incident, we have been working with the unauthorized individual to destroy all patient medical information that was accessed without permission.”
Individuals were urged to review all documents they receive from their health insurer, such as Explanation of Benefits.
The accessed database contained names, medical diagnoses, medical treatments, dates of medical services, and other treatment related information. Social Security numbers and financial account information were not included in the database.
OCR reports that 917 individuals may have been impacted.
“Although we have no reason to believe your information was misused by this unauthorized individual, we wanted to let you know this happened and we take this very seriously,” Gale wrote. “We are serious about protecting our patients’ medical records and are evaluating our existing security protocols to ensure an incident like this does not happen again.”