virus

Data Breach Due to Email Misconduct

April 11th, 2016

Val Verde Regional Medical Center recently announced data breach when unsecured PHI in an email was discovered.

“On or about August 9, 2015, an independent healthcare provider downloaded unsecured protected health information and emailed it to a personal account without encryption protection,” explained the press release. “In addition, the independent contractor was not authorized to access some of the protect[ed] health information.”

Val Verde Regional Medical Center came to know about health data breach on December 8, 2015. Affected patient information in the email included names, addresses, phone numbers, medical record numbers, and visit numbers.

According to the OCR data breach portal, two thousand individuals were affected by the incident. Val Verde Regional Medical Center launched an investigation. It also notified patients who were possibly affected by the event.

Internal audit and improved security measures to the hospital’s HIPAA security program is being undertaken by the hospital.

Val Verde Medical Center  believes that there have been no reports of improper use of PHI, patient medical histories, or Social Security numbers by unauthorized individuals. It has encouraged all potentially affected patients to monitor credit reports for suspicious activity.

Users are advised to take necessary steps.They are advised to obtain credit reports from one or more of the major credit reporting agencies to monitor financial accounts for unauthorized activity. Consumers are entitled to  get a free copy of their credit report from each of the major nationwide credit reporting companies once every 12 months. They need to request the same as per the federal law.

Del Rio and surrounding communities received services from Val Verde Regional Medical Center since 1959. Val Verde Regional Medical Center considers the privacy of patients as a high priority task. It is guided by the mission to improve the health of the people in the communities served.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer Virus Causes Data Breach

April 7th, 2016

Mercy Iowa City, an acute care hospital and regional referral center, recently suffered data breach  due to computer virus. Mercy Lowa City did not mention the number of affected individuals but the OCR data breach portal mentioned that 15,625 individuals were affected by the incident.

Mercy Iowa City came to know about computer virus on January 29. It had potentially infected some of its systems three days prior. The hospital now has secured the computer systems to prevent the spread of the virus.

“That’s a small percentage compared with the total number of patients the hospital serves”, said Margaret Reese, interim director of marketing and community relations and president of the Mercy Hospital Foundation. She said she did not know the total number of patients, adding that “it would be a huge number when you consider all of the many services.”

Internal investigation is carried out by forensics firm. Capturing personal data was the main motive of the computer virus. Thus it is believed that data breach has occurred.

Reese said Mercy has been working with federal law enforcement on its investigation. The hospital’s release said current safeguards have been enhanced to protect sensitive data. Reese said she could not comment on what the enhancements were.

According to the reports, unauthorized access to patients records by outside entity has resulted into the incident. which did not affect all Mercy Hospital and Mercy Clinic patients.

According to the statement, “Mercy deeply regrets any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information.”

Affected information included names, dates of birth, addresses, treatments, diagnoses, medication lists, names of health insurers, and health insurance policy numbers. Social Security numbers may also have been accessed for some patients.

“To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information,” stated the press release.

The hospital also created a call center dedicated to answering questions about the data security event. Mercy Iowa City mentioned that there is no evidence patient information misuse.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.