The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

168,000 Patients Have PHI Exposed in Phishing Attack on Henry Ford Health

Detroit, MI-based Henry Ford Health has recently notified 168,000 patients that an unauthorized individual gained access to employee email accounts that contained some of their protected health information. A spokesperson for Henry Ford Health said the unauthorized access occurred on March 30, 2023, after employees responded to phishing emails. The attack was discovered quickly and the accounts were secured; however, access to patient data was possible. A review of the email accounts confirmed on May 16, 2023, that they contained the following patient information: name, date of birth, age, gender, telephone number, medical record number/internal tracking number, lab results, procedure type, diagnosis, and date(s) of service. Henry Ford Health is implementing additional security measures to protect against future email account breaches and additional training has been provided to employees.

IMX Medical Management Services Announces 2022 Malware Incident

The Malvern, PA-based medical consulting company, IMX Medical Management Services, has recently confirmed that malware was found on a laptop computer that potentially allowed unauthorized individuals to access the protected health information of 7,594 individuals. According to the notification letters, the malware was detected on September 1, 2022, and the forensic investigation revealed the malware had been present since as early as June 2022. Additional malware indicators were also found on its network in October 2022.

IMX said the malware has been removed and no further indicators of malware have been detected since October 2022. The delay in issuing notifications was due to the “extensive and complex analysis of the affected data.” IMX said the malware provided access to the bodies of email messages but attachments were not exfiltrated. The compromised information included names or other personal identifiers along with driver’s license numbers and other ID cards. Identity theft protection services have been offered to affected individuals.

Storage Unit Purchased at Auction Contained Dozens of Boxes of Patient Files

A storage unit that contained more than 200 boxes of patient files was recently sold at auction. The unit went up for sale when the rental payments stopped. The purchaser submitted a blind bid for the unit and discovered the boxes of patient files after purchasing it. The records related to patients of East Houston Medicine and Pediatric Center who received treatment between 2009 and 2019. The files included information such as names, Social Security numbers, driver’s license images, medical histories, and insurance information. The purchaser is currently trying to arrange for the files to be collected.

PHI Exposed in Charles George VA Medical Center Mismailing Incident

Charles George VA Medical Center in Asheville, NC, has confirmed that the personal information of 1,541 veterans has been exposed in an email mismailing incident. The data exposure was detected on May 12, 2023, and immediate steps were taken to delete the emails that had not been opened; however, the messages were opened by three veterans. The emails included an attachment that contained limited protected health information. Affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
