The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI Exposed in Security Incidents at Georgia Pines CSB & Ballad Health

Posted By on Apr 26, 2022

Security incidents have recently been reported by Georgia Pines CSB and Ballard Health, which have involved the protected health information (PHI) of 28,295 individuals.

Ballad Health Discovers Breach of Employee Email Account

Ballard Health, an integrated community health improvement organization serving communities in the Appalachian Highlands in Northeast Tennessee, Southwest Virginia, Northwest North Carolina, and Southeast Kentucky, has recently discovered an unauthorized individual has accessed the email account of one of its employees.

Suspicious activity was detected in the email account of an employee on or around January 13, 2022. The email account was immediately secured, and a forensic investigation was conducted to determine the nature and scope of the breach. On February 17, 2022, it was determined that the email account was accessed for a short period by an unauthorized individual who may have viewed or acquired information in the account.

A review of the emails in the account confirmed on March 16, 2022, that they included the protected health information of 4,295 patients, such as names, dates of birth, medical histories, medical conditions, treatment information, medical record numbers, diagnosis codes, and patient account numbers. It was not possible to tell which emails, if any, had been viewed or obtained.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Ballard Health said it will continue to educate the workforce on the importance of security measures that must be taken by employees to protect its email system.

Laptops Stolen from Georgia Pines Community Service Board

Two laptop computers containing the protected health information of up to 24,000 patients were stolen in a break-in at Georgia Pines Community Service Board (CSB) at some point between April 6 and April 7, 2022. Georgia Pines CBS staff discovered the break-in at its main campus on the morning of April 7, 2022.

The laptops contained files that included protected health information such as names, addresses, Social Security numbers, and medical records. No evidence has been found to indicate any information on the laptops has been viewed or misused by unauthorized individuals, but unauthorized access and misuse cannot be ruled out.

Notification letters started to be sent to affected individuals on April 7, 2022.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist