An ex-employee of Main Line Women’s Healthcare, located in Bryn Mawr, PA, was found to have viewed and photographed patient data using a personal mobile phone. The breach investigation revealed that the information of 804 OB/GYN practice patients was viewed and photographed.
As soon as the HIPAA violation was discovered, the worker was suspended. The provider started an internal investigation to determine the magnitude of the privacy violation and the types of data obtained. The compromised records contained patient names, birth dates, addresses, medical account numbers, insurance companies, treating doctors, prescription drugs, and diagnoses.
The employee worked at Main Line Women’s Healthcare from February 7, 2022 to June 14, 2022; that employment has now ended as a result of the HIPAA breach. A representative for Main Line Women’s Healthcare stated it cannot determine the employee’s motives, nor whether the copied data was improperly used or further exposed. The privacy breach was reported to the police, and Main Line Women’s Healthcare is helping with the investigation.
The provider finished the analysis of the data on September 7, 2022, and sent notification letters on October 10. The delay in issuing notification letters was due to the time needed to obtain updated contact details. Free credit monitoring services were provided to impacted persons.
Email Account Breach at Fred Hutchinson Cancer Center, WA
Fred Hutchinson Cancer Center, located in Seattle, WA, and previously called Seattle Cancer Care Alliance, has discovered that an unauthorized person accessed a staff email account. The incident was discovered on March 26, 2022, when suspicious activity was noticed in the email account. After immediately securing the email account, the center started a forensic investigation to determine the nature and extent of the data breach.
Fred Hutchinson Cancer Center determined on April 18, 2022, that an unauthorized individual accessed the email account from March 25 to March 26, 2022. A team was created to review all the documents contained in the account and determine how many persons were impacted and the types of data that were viewed. That process was finished on September 9, 2022, and since contact details had been updated, the center began sending notification letters. The types of data compromised varied from one patient to another but might have contained names, addresses, financial account details, Social Security numbers, medical data, and/or medical insurance data. Fred Hutchinson Cancer Center stated it is not aware of any improper use of patient data.
Any person whose Social Security or government ID number was exposed will be eligible to receive one year of free credit monitoring and identity theft protection services. The incident is not yet posted on the HHS’ Office for Civil Rights breach website; therefore, the number of affected persons is presently uncertain.
Phishing Attack at Seton Medical Center Harker Heights
HH Killeen Health System, which manages Seton Medical Center Harker Heights based in Texas, has begun informing 15,056 patients about the potential exposure and theft of some of their PHI by unauthorized persons.
The breach happened at a vendor employed by Seton Medical Center Harker Heights. Unauthorized individuals accessed the email accounts of two employees after the employees responded to phishing emails. The medical center immediately secured the accounts to stop further unauthorized access and conducted a forensic investigation to determine the scope of the breach. According to the notification letter given to the Texas Attorney General, the attackers acquired access to the names and medical data of patients.