In the past months, there have been several data breaches at a variety of healthcare companies. These companies include hospitals and health systems. Even though online networks are typically prone to cybersecurity threats, the number of breaches in the healthcare industry have been notable.
Kaiser Permanente Incident
On April 5th, a data breach incident occurred at the Kaiser Foundation Health Plan of Washington. On June 3rd, officials at Kaiser Permanente followed up on this incident. Officials say that they noticed an unauthorized party had access to employee emails. The Kaiser security team was able to terminate this party’s access and begin their investigation. They determined that the emails contained protected health information and they are unsure if the unauthorized party accessed this personal information.
The protected health information within the emails included names, medical records, and lab results. However, security officials say that the emails did not contain Social Security or credit card numbers. Further, there has been no attempts of identity theft or misuse of protected information since the incident has occurred.
Phishing Scam at Atrium Health
This month, officials found out about a third party who used a phishing scam to access an Atrium Health at Home employee’s emails and messages. Then, Atrium Health secured the employee’s account and notified outside law enforcement and security.
According to Atrium Health officials, the unauthorized party most likely did not access personal information. However, they state that they cannot be certain the party did not access protected health information. Within the employee’s account there was protected health information such as names, addresses, and insurance information. Also, some Social Security and driver’s license information was contained. While there has been no more unauthorized access to electronic records systems, this data breach is still concerning for several customers.
Data Breach at UNC Health Care
UNC Lenoir Health Care and business partner MCG Health also had an incident involving unauthorized access to patient information. Earlier this year, MCG Health received contact from an unknown party that claimed to have obtained protected health information from MCG patients. This party then demanded payment in exchange for returning patient files back to MCG.
After contacting the FBI and forensic investigators, it was determined that patient health records had been listed for sale on the dark web. While these were all MCG patients, officials were concerned that the unauthorized party may also have access to UNC Lenoir’s patient records as well. Therefore, the personal, financial, and medical information of several patients is now in jeopardy.
Get Certified
American Medical Compliance (AMC) is a leader in the industry for compliance, Billing, and HR solutions. Learn how you can protect your company from data breaches by taking AMC’s HIPAA Regulations and Cybersecurity Training for Healthcare Personnel course today. Visit www.americanmedicalcompliance.com for more information.
References
Healthcare IT News (2022, June 27). Healthcare data breach roundup: Atrium, Kaiser, UNC, and more. Retrieved from: https://www.healthcareitnews.com/news/healthcare-data-breach-roundup-atrium-kaiser-unc-and-more
