The Langone Healthcare system found that the file containing the information about pre-surgical insurance has been repossessed by a company (cleaning company) in October. The file contained the information of about 2000 patients. The data included in the file contains the information about the names of the patients, the date of births, the service providing dates, diagnosis codes and dates, the procedure of application, names of the insurer and the insurance number.
In this case, the management has also highlighted that the stolen information does not contain any data for the SSN number or the financial information of any patient. Although the file containing the information also had the insurance or the financial records of the patients, therefore the NYU Langone Health System has to offer the theft protection to all the affected patients for one year. This service has been offered by the ID Experts.
In order to avoid all such actions in the future, the staff of the hospital has been re-trained for the importance and the safety of the patient’s information. For this, the flow of the information and other activities has also been improved. For now, the management has not received any information about the misuse of stolen data.
The data breach in Chilton Medical Center affected 4,600 Patients
Chilton Medical Center is located in Pequannock. NJ found that one of the employee of the center stole the hard drive of the computer and sold it. The hard drive contained the PHI of the center’s patients. It included the names, the medical record numbers, and the date of birth, addresses, the allergies details and the medication information. The employee of the center sold the drive over the internet.
CMC did not authorized the sale and it was the major breach of medical policies highlighted by HIPAA. This incident has been considered as the information theft and the management reported the Morris County Prosecutor’s Office for the issue. The information breach notice was displayed on the official website of the company and it highlighted that the employee has been terminated from CMC.
After finding the incident, the management also started an internal investigation. This investigation showed that the stealing of the computer hardware is not the first time incident, many previous employees of the company has been doing so. Although, those important hardware did not contain any sensitive information, still the investigation of the process is ongoing.
The patients who visited the CMC for medication between 1st May 2008 and 15th October 2017 became the victim of the breach. All the victims of the breach has been informed for the accident on 15th Dec 2017. CMC management stated that they have applied additional activities to avoid such incidents in future. The breach of the information has been informed to the Department of Health and Human’ Services Office for Civil Rights. According to the breach report, 4,600 individuals got affected.