The Pennsylvania and Texas Data Theft Exposed PHI of More than 5000 Patients

The two institutes, Midland Memorial Hospital located in Midland and Washington health system Greene located in Waynesburg claimed that the PHI of the patients has been exposed.

Washington Health System Greene finds that their hard drive is missing

Washington Health System Greene is informing about 4,145 individuals that their PHI has been stolen by the unauthorized people. They found the exposure after discovering that the hard drive of the computer is missing. The management of the Radiology Department found that their portable hard drive is missing and it was missed on 11th October 2017. It was thought that hard drive may have been misplaced so the management took complete time to find out the hard drive. After completing the search process they informed the incident to the Pennsylvania State Police Department.

The stolen device contain the personal information about the patients especially those who visited the hospital between 2007 and 2017. The stolen information was all about the names of the patients, the height, race, gender, weight, the name of the physician who treated the patient, the problem or the health issue and the medical record number. Among all these, there was not any financial information about the patient and SSN, insurance detail and the insurance information was uncovered.

According to the HIPAA rules and regulations, all the victims were notified for the data theft. As the data theft contains limited amount of information, the Washington Health System Greene believe that there is not any serious risk with the patient’s information.

Midland Memorial Hospital finds the expose of E-mail account

Midland Memorial Hospital found that the PHI of the limited number of patients has been exposed. More than a thousand patients were affected due to the breach. According to the management of the Midland Memorial Hospital, one of the unauthorized person hacked the email account of the employee working in the hospital. This was an attempt for a Business Email Compromise Attack. The main goal of the unauthorized person was to make fool of the employees and transfer of the amount in inappropriate or wrong bank account.

This breach of information happened on 13th of October 2017 while the access to the email account was gained on 10th October. After finding the security breach, the access to the affected email account was immediately terminated and they invested the complete process. The email account contained the information of the patients including the names, the medical number, the account number and the radiology process for the people who have visited hospital between August & Sep 2017. According to the management, the financial or the SSN of the patients has not been exposed. The unauthorized people did not use the information in a negative way yet.

Midland Memorial Hospital has took a number of steps to prevent such activities in future. They are focusing on the regenerating polices, rules and retraining the staff members.