The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

15-Year Employee Privacy Breach Discovered by Metro Health System

Metro Health System in Cleveland, OH, has discovered an employee has accessed patient records without a valid work reason. The unauthorized access was discovered on April 27, 2023, and the subsequent investigation confirmed that patient records had been accessed without authorization at various times over the past 15 years. The earliest incident occurred in 2008.

The information viewed included patient names, dates of birth, and clinical information. No Social Security numbers or financial information were accessed. A spokesperson for Metro Health said the employee has been disciplined per its sanctions policy and no evidence has been found to indicate redisclosure of patient data or any misuse of that information. Affected individuals are being notified by mail, Metro Health is taking steps to improve its privacy practices, and further training has been provided to the workforce.

CoxHealth Affected by Hacking of Fortra GoAnywhere File Transfer Solution

Springfield, MO-based CoxHealth has recently confirmed that patient data was compromised in a January 2023 cyberattack on its billing vendor, Intellihartx. The Clop ransomware group exploited a vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution, stole sensitive data, and demanded a ransom to prevent the release of that information.

CoxHealth says up to 203,000 patients had their protected health information stolen in the attack, including names, addresses, birth dates, Social Security numbers, diagnoses, and billing and insurance information. The 203K figure is the maximum number of patients that could have been affected. It was not possible to determine with any degree of certainty exactly how many individuals had been affected. Intellihartx has offered complimentary credit monitoring and identity theft protection services to affected individuals.

SoutheastHealth Issues Statement About Potential Vendor Breach

SoutheastHealth in Cape Girardeau, MO, has issued a statement about a potential data breach at a vendor, ITX (Intellihartx). SoutheastHealth said it learned about a potential breach when one of its patients said they had received a letter from Intellihartx saying their protected health information had been exposed and potentially stolen.

SoutheastHealth said names, addresses, dates of birth, billing information, insurance information, diagnoses, medications, and Social Security numbers were potentially stolen in the attack on the file transfer solution and confirmed that its own systems were not affected. SoutheastHealth said it does not currently have a business relationship with Intellihartx and no formal notification was received from Intellihartx confirming SoutheastHealth was one of the companies affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
