South Carolina based facility Greenville Health System (GHS) recently suffered data breach when one of its vendors had inappropriately downloaded patient data. The incident has potentially affected 2,500 patients.
GHS is associated with Ambucor Health Solutions, a remote-monitoring labor service for cardiac devices. As per the reports, one of the Ambucor employee downloaded GHS information just before his employment at Ambucor ended.
Law enforcement handed over two flash drives in July to Ambucur, which had been turned in when the employee left. Facility has began to notify patients about the incident.
Affected information may include the patient’s name, date of birth, home address, phone number, race, diagnosis, medications, testing data, patient identification number, medical device information (such as the manufacturer, identification number and model/serial numbers), Ambucor enrollment number, Ambucor enrollment date, Ambucor technician name, physician name(s) and the name and address of the practice where the patient was seen.
“GHS and Carolina Cardiology Consultants take patient privacy seriously and deeply regret any inconvenience or concern this incident may cause our patients,” Dr. Joseph Manfredi, ambulatory director of electrophysiology, told the news source.
Ambucor announced that it will offer affected patients one year of identity protection services and, if required, related recovery services and $1 million of identity theft insurance at no cost.
“Letters with instructions about activating the free identity protection services will be mailed to affected patients” said Ambucor
Facility mentioned that the affected patients should consider activating the identity protection services. it also said that steps are taken to prevent this type of incident from occurring again. It will thoroughly review and update it processes as per the HIPAA security standards.
Tips to prevent data theft
Employees must undergo training
Sensitive information must be secured through encryption
Access to the sensitive data should be controlled
Keep software and system up to date
Verify security controls of third parties
Dispose of sensitive data
Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.