Piedmont Cancer Institute (PCI) located in Atlanta, GA is informing 5,226 patients about the potential exposure of their protected health information (PHI) as a result of an unauthorized individual getting access to the email account of one employee.
A third-party cybersecurity firm helped PCI in determining the compromise of the email account for more than a month. The unauthorized person initially accessed the email account on April 5, 2020. PCI secured the account on May 8, 2020.
The breached account review ended on August 8, 2020 and confirmed that it comprised a selection of PHI. Aside from names, the patients impacted by the breach got at least one of the following data elements exposed: date of birth, debit/credit card number, financial account details, and/or medical data for instance diagnosis and treatment data.
To avoid the happening of more breaches, PCI has integrated multi-factor authentication on its accounts and gave more training to its staff regarding email security.
Patient Records Theft from Health and Wellness Clinic in Edmonds, WA
The Health and Wellness Clinic is a natural medicine and physical care solutions provider in Edmonds, WA. Burglars broke into its clinic and stole patient documents.
FromFrom August 29 to 30, a thief forced open a secured storage area situated off the massage room at the clinic. The room seemed to have been searched, paper records were taken out from several files, and one carton of paper files was found missing. The stolen documents comprised data including names, Social Security numbers, dates of birth, health records, and treatment details.
The Health and Wellness Clinic informed the police department about the break-in. The authorities carried out an investigation and have snagged a suspect and gained back the box of stolen documents. It is at this time not certain how many files were stolen from the health clinic.
McLaren Oakland Hospital Uncovered Potential Data Breach
McLaren Oakland Hospital based in Pontiac, MI has learned that 2,219 patients’ protected health information has been compromised and unauthorized individuals may have viewed it.
On July 10, 2020, McLaren Oakland found out that a computer desktop file had an unauthorized and unsecured URL to a file that consists of the PHI of existing and past patients.
There is no proof uncovered that suggests the unauthorized viewing of any of the PHI included in the file. There is likewise no report obtained showing that patient information was used inappropriately. As a safety measure, McLaren Oakland Hospital instructed the affected persons to check their account statements and credit reports for any hint of improper use of their data. The provider additionally provided the impacted persons with free identity theft protection and monitoring services.
When the PHI breach was identified, the URL was removed. The investigation results showed that an employee made the hyperlink insecure by mistake. McLaren Oakland has analyzed its guidelines and processes and gave employees extra training about patient privacy and data security.