28,000 Clarke County Hospital Patients Affected by April Cyberattack
Clarke County Hospital in Osceola, IA, has recently started notifying 28,003 current and former patients about a security breach that exposed some of their protected health information. Suspicious activity was detected within its IT environment and the network was immediately isolated. A third-party digital forensics firm was engaged to investigate the security breach to determine the nature and scope of the incident and confirmed there had been unauthorized access on April 14, 2023, and the parts of the network that were accessed contained patient information.
The electronic medical record system was not compromised, and highly sensitive information such as Social Security numbers, banking information, credit card information, and/or financial information was not accessed. The files potentially viewed or stolen included names, addresses, dates of birth, health insurance information, medical record numbers, and some health information. At the time of issuing notifications, no reports had been received to indicate there had been any actual or attempted misuse of patient data.
Clarke County Hospital said enhancements were immediately made to improve system security and experts have been engaged to conduct a comprehensive review of system security. Security protocols will be further enhanced based on the findings of the review. Complimentary credit monitoring services and identity theft protection services have been offered to all potentially impacted individuals for 12 months and the hospital recommends that all individuals take advantage of those services.
Health Benefit Plan Data Stored on Stolen Laptop
A laptop computer has been stolen from the vehicle of an employee of the Anchorage School District, potentially exposing the protected health information of employees covered by its health benefit plan. The theft occurred on March 15, 2023, and the incident was immediately reported to law enforcement, but the laptop computer has not been recovered.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The school district immediately investigated and confirmed that the laptop computer has not been reconnected to the Internet. A review was conducted to determine if any files had potentially been downloaded to the laptop that could have been accessed. The review identified some files that were maintained for human resources and benefits purposes, which contained names, Social Security numbers, and information related to enrollment in the employee health plan.
Complimentary credit monitoring and identity theft protection services have been offered to the 4,598 employees potentially affected. Further training has been provided to the workforce on the importance of safeguarding sensitive information and portable device security measures are being enhanced.
Henry Mayo Newhall Hospital Discovers Employee Snooped on Medical Records
Henry Mayo Newhall Hospital (Henry Mayo) in Valencia, CA, has discovered an employee has accessed the protected health information of certain patients without a valid business reason for doing so. The privacy breach was detected on May 8, 2023, and notification letters were sent to affected individuals on May 26, 2023.
The investigation confirmed that the employee was able to view patient information such as names, birth dates, medical record numbers, visit numbers, and clinical data such as diagnoses, vital signs, and narrative clinical notes. The employee was interviewed about the unauthorized access and Henry Mayo believes the records were accessed out of curiosity and that no patient information has been further disclosed or misused. The hospital has taken action per its sanctions policy and has taken steps to prevent further privacy breaches in the future, including continuing to counsel and educate staff members.
It is currently unclear how many patients have been affected.