BioReference Laboratories

Lab Results and Data Breach

May 6th, 2016

BioReference Laboratories in New Jersey may have suffered a data breach when photographs containing PHI were sent by unsecured email. According to reports, some of its phlebotomists took pictures of lab test results with their smartphones. The employees later emailed the photos to the laboratories over unsecured email. The pictures were also stored on the phones without the necessary safeguards.

According to BioReference Laboratories, “BioReference is the third largest full service clinical diagnostic laboratory in the U.S. providing testing and related services to physician offices, clinics, hospitals, long term care facilities, employers, governmental units and correctional institutions. We offer a comprehensive test list focusing on molecular diagnostics, anatomical pathology, genetics, and women’s health. Moreover, through its GeneDx subsidiary, BioReference has an international presence in more than 50 countries around the world.”

Affected information, including names, dates of birth, addresses, admission and discharge dates, medical record numbers, Social Security numbers, insurance information, diagnosis codes, and descriptions of lab tests, may be at risk of being improperly accessed, the company stated. The photos didn’t contain passwords, security codes, or financial information.

The company stated that this type of photo-sharing incident may have occurred multiple times earlier. The statement did not mention the number of patients affected by the incident, but the OCR data breach reporting tool listed 3,563 individuals as potentially affected.

An internal investigation has been launched, along with an upgrade of healthcare data security measures and internal safeguards. Facility officials are contacting affected individuals about the possible healthcare data breach and offering them a free credit monitoring service.

BioReference Information –

BioReference has more than 5000 people working for it. It is contracted with virtually all national health plans (UHC, Cigna, Aetna, Humana, Coventry and most Blues Plans). It has laboratory locations in nine states: New York, New Jersey, Maryland, Massachusetts, Rhode Island, Ohio, Florida, Texas and California.
