- A California-based chiropractic office has notified 600 patients of a potential healthcare data breach after the practice was burgled in early March, reported EastBayTimes.com.
In an official statement, Vibrant Body Wellness explained that a laptop and backup hard drive were stolen after a break-in occurred sometime between March 5 and March 8.
The chiropractic practice confirmed that the laptop was password-protected and patient information on the hard drive was encrypted. Despite the security measures, the practice stated that patient information may still be at risk, including names, addresses, dates of birth, contact information, diagnoses, and billing information.
Upon discovery of the healthcare data security incident, Vibrant Body Wellness reported the robbery to local law enforcement officials.
Affected individuals have been notified of the possible healthcare data breach and the practice has encouraged affected patients to place a fraud alert on their credit accounts, explained the statement. The practice confirmed that there has been no reported events of health information being improperly accessed or used.
“We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred,” wrote the owner of the practice, Teresa Lau, DC, in a letter to affected patients. “Vibrant Body Wellness is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”
Healthcare business associate reports potential healthcare data breach
EqualizeRCM Systems, a billing and collection services vendor, reported a healthcare data security incident after a laptop containing patient information was stolen, according to a company statement.
On February 29, EqualizeRCM Systems learned that a laptop was stolen from one of its employees on either February 25 or February 26.
Upon investigation, the healthcare vendor discovered that the laptop contained personal information for patients at specific facilities.
The documents on the stolen device may have included names, addresses, phone numbers, dates of birth, insurance information, genders, healthcare provider information, billing and diagnosis codes, medical record numbers, internal reference numbers, dates and types of service, locations of services received, and other administrative data.
The vendor reported that financial information and Social Security numbers were not affected.
EqualizeRCM Systems did not report how many individuals were affected by the potential healthcare data breach. However, a letter to the New Hampshire Department of Justice confirmed that two individuals from the state were affected.
While the vendor has not received any indication that patient information has been inappropriately accessed, it has offered affected individuals complimentary identity theft monitoring and remediation services.
The company has also mailed notification letters to affected individuals, reported the statement.
To prevent future healthcare data security incidents, EqualizeRCM Systems stated that it has developed and implemented additional security measures.
“The privacy and protection of patient information is a top priority for EqualizeRCM, and we deeply regret any inconvenience or concern this incident may cause,” explained the statement. “We are working closely with the affected facilities in our response to this event, and have taken steps to help prevent this type of incident from happening in the future including reviewing our policies and procedures, implementing additional safeguards to ensure information in our control is appropriately protected, and retraining employees on existing policies for the proper handling of sensitive information.”
Possible PHI breach after employees photograph lab results
A possible healthcare date breach occurred at BioReference Laboratories in New Jersey after photographs containing PHI were sent in an unsecured email.
In a HIPAA Incident notification on its website, BioReference Laboratories reported that some of its phlebotomists in Florida took pictures of lab test results using their smartphones. The employees then sent the photographs via unsecured email to the laboratories.
The pictures were also stored on the phones without proper safeguards.
Patient information, including names, dates of birth, addresses, admission and discharge dates, medical record numbers, Social Security numbers, insurance information, diagnosis codes, and descriptions of lab tests, may be at risk of being improperly accessed, stated the company.
However, the healthcare company confirmed that the photographs did not contain passwords, security codes, or financial information.
Additionally, BioReference Laboratories stated that this type of healthcare data security incident may have occurred on multiple occasions between January 2013 and February 2016.
The official statement did not indicate how many individuals may have been impacted by the most recent event.
However, the OCR data breach reporting tool states that 3,563 individuals were potentially affected.
In response, BioReference Laboratories has launched an internal investigation and updated its healthcare data security measures and internal safeguards.
Officials at the laboratory have also contacted affected individuals about the possible healthcare data breach, offered free credit monitoring services for those affected, and established an incident hotline.