Archive for June, 2016

Employee misuse results in potential healthcare data breach

June 3rd, 2016

Inappropriate access to patient information over seven years has resulted in a possible PHI breach at an Iowan hospital, as per the report.

Around 1,620 patients have been notified by UnityPoint Health-Allen Hospital. Former employee had improperly viewed PHI through the hospital’s EHR system. The employee was allowed access to the EHR system to do her job at that time, but she did not have the authority to view the records for patients who are involved in this healthcare data security event. The employee’s EHR access was terminated as soon as the hospital detected the possible PHI breach and the staff member was disciplined according to hospital policies.

According to the Jim Waterbury, the hospital’s vice president for institutional advancement,  Allen Hospital staff detected inappropriate access to the hospital’s medical records on March 14 and opened an immediate review.

Patients may have had their names, home addresses, dates of birth, health insurance information, and treatment information disclosed in the incident. The report stated that less than 15 percent of affected patients may have had their Social Security numbers viewed.

“We apologize to our affected patients, and we accept our responsibility to keep this event from happening again,” UnityPoint Health-Allen Hospital’s Vice President for Institutional Advancement Jim Waterbury told The Courier.

Steps been taken by hospital to prevent future healthcare data breaches includes additional training on proper access of EHR systems and performing more audits.

Facility has also provided patients with guidance on other precautionary measures they can take to protect their information, including placing a fraud alert, placing a security freeze and/or obtaining a free credit report.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Connecticut-based podiatry group suffers data breach

June 2nd, 2016

A Connecticut-based podiatry group has been facing a possible healthcare data breach. The incident has impacted approx. 40,491 individuals after hackers accessed network services.Some external party had gained access to Stamford Podiatry Group’s systems, including its EHR database. The intruder is suspected to have viewed patient information between February 22 and April 14, 2016. Healthcare group has ordered a forensic investigation and terminated the unauthorized user’s access to its systems.

“Although we have not been able to confirm that your personal information was accessed and copied, we have not been able to rule out that possibility and encourage you to take … protective measures,” the organization mentioned.

Personal information involved in the healthcare data security event included medical histories, treatment information, names, Social Security numbers, dates of birth, genders, marital statuses, addresses, phone numbers, email addresses, names of doctors, and insurance information.

Stamford Podiatry Group’s Vice President Rui DeMelo, DPM, FACFAS, wrote in the letter “We have also implemented and are continuing to implement additional security measures designed to protect our systems against future intrusions. We have retained cybersecurity experts to assist us in these efforts.”

While there is no evidence yet that the personal information is being misused, the organization is still offering its patients a year of credit monitoring. Healthcare group has attempted to notify all affected patients. Individuals have also been advised by Stanford Podiatry Group to monitor financial and medical accounts for potential identify theft.

According to the recent reports by Department of Health and Human Services Data, more than 120 million people have been affected in more than 1,100 separate breaches at organizations handling protected health data since 2009.

“That’s a third of the U.S. population — this really should be a wake-up call,” said Deborah Peel, the executive director of Patient Privacy Rights.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deploymentand management of PC encryption by using industry leading Check Point Full DiskEncryption software.