Thursday 21 May 2015

Security Incidents at Health Care Groups Affect Thousands of Patients

A physician practice that is affiliated with Eastern Maine Healthcare Systems is notifying 1,200 patients that their email addresses have been exposed to others accidentally, Becker’s Health IT & CIO Review reports.

The incident occurred when the practice, EMMC Family Medicine, emailed patients an invitation to a survey about a new medical record portal. The email allowed patients to view email addresses of others who had received the email.

In addition, the email addresses might have been exposed again in a separate email that EMHS sent to inform individuals of the first incident.

Personal health and financial information were not compromised. EMHS is considering whether the disclosure was in violation of federal rules (Jayanthi, Becker’s Health IT & CIO Review, 4/17).

Indiana State Medical Association

Data from about 40,000 individuals were contained on three devices that were stolen from an Indiana State Medical Association administrator earlier this year, FierceHealthIT reports.

Many individuals affected in the ISMA incident had been affected by a breach reported by Anthem earlier this year, according to FierceHealthIT. That incident exposed the data of about 80 million individuals (Hall, FierceHealthIT, 5/13).

The ISMA incident is the largest breach in Indiana in the first quarter of 2015 (Slabaugh, Muncie Star Press, 5/10).

The three devices — a laptop and two hard drives — were taken from the car of an ISMA administrator on Feb. 13. The devices contained:

  • Medical histories;
  • Social Security numbers; and
  • Other personal information.

The incident affects individuals who have ISMA policies, including:

  • Physicians;
  • Physicians’ family members; and
  • Physicians’ staff.

More than 24 hours passed between the time the incident occurred and when the administrator reported it to the police. Under Indiana law, organizations must notify consumers of a breach “without unreasonable delay” and inform the state attorney general (FierceHealthIT, 5/13).

MetroHealth System

The MetroHealth System in Ohio is informing about 1,000 individuals that their protected health information could have been accessed in a hack that affected three computers, the Cleveland Plain Dealer reports.

On March 17, the health system discovered three computers had been infected with malware. The malware affected the data of patients who underwent heart catheterization procedures between July 14, 2014, and March 21, 2015. The malware was removed on March 18.

Those investigating the situation later discovered the virus had a separate component that allowed “back door” access once the original software was removed. That component was removed on March 21.

The affected computers contained patient information, including:

  • Birth dates;
  • Case numbers for the procedure;
  • Heights;
  • Medications administered during the procedures;
  • Medical record numbers;
  • Names;
  • Raw data on cardiac catheterizations;
  • Service dates; and
  • Weights.

However, MetroHealth said that there is no evidence that health information was improperly accessed.

MetroHealth has responded to the incident by:

  • Adding antivirus update reviews;
  • Increasing malware monitoring; and
  • Revising software update procedures for catheterization lab computers (Zeltner, Cleveland Plain Dealer, 5/16).

University of Pittsburgh Medical Center

The University of Pittsburgh Medical Center is notifying 2,200 patients that a third-party vendor’s employee illegally disclosed their data, Becker’s Health IT & CIO Review reports.

UPMC said that an employee of Medical Management, which does billing for the center’s Emergency Resource Management physician group, accessed and copied patient information from the billing system and provided the information to a third party (Jayanthi, Becker’s Health IT & CIO Review, 5/18).

The information that could have been compromised includes:

  • Birth dates;
  • Names; and
  • Social Security numbers (Dvorak, FierceHealthIT, 5/19).

UPMC does not have evidence that medical or treatment histories were disclosed.

Medical Management informed UPMC of the incident after federal law enforcement said they were performing a criminal investigation into the matter (Becker’s Health IT & CIO Review, 5/18).

Source: http://ift.tt/1AmcLu1


