Indiana-based Orleans Medical Clinic announced a possible healthcare data breach after one of its computer servers was hacked. According to reports, the facility became aware of suspicious activity on April 17. After an investigation, it confirmed a hacking attack. The incident left EHR data unsecured on the server.
Unauthorised users had access to the information from April 5, 2016 to April 17, 2016. The facility received confirmation on July 21, 2016 of the individuals and information potentially affected by the incident. Orleans Medical immediately secured the server to prevent a similar incident from happening again.
“While our investigation was not able to definitively conclude whether the hackers actually accessed or obtained a particular individual’s information, it would have been possible for the hackers to access and obtain patient information about all of our current and former patients, including medical records and demographic information such as date of birth and social security number,” Orleans Medical stated.
The facility asked patients to contact their bank or credit card company to make them aware of the situation. Banking and credit card information was not affected by the incident.
The facility did not mention the number of patients potentially affected. According to the OCR data breach reporting tool, information of 6,890 individuals was affected. The facility also mentioned that the patient portal was not breached. One year of complimentary identity theft services has been set up, and patient notification letters have been sent out by mail.
According to the statement:
We have reported the incident to the FBI, the U.S. Department of Health and Human Services Office for Civil Rights, and the Indiana Attorney General, each of whom has opened an investigation.
We deeply regret that this incident occurred. We are committed to providing quality care and protecting PHI. We have established a call center to answer any questions that patients may have about this incident.
“At Orleans Medical Clinic, our mission is to provide personalized, high-quality care on an as-needed or preventative basis. We have created a practice that we believe in and would choose for our own family members.”