The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Server Compromise at Tarleton Medical: PHI Potentially Accessed

Posted By on Mar 14, 2017

Hacking continues to be a leading cause of healthcare data breaches. There have been 55 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) as of March 13, 2017, a quarter of which were attributed to hacking. While unauthorized access/disclosure is the leading cause of healthcare data breaches in 2017 with 44% of the total number of reported breaches, hacking incidents have exposed more records. 260,277 patient and health plan member records have been compromised in hacking incidents – 60% of the total number of healthcare records exposed in 2017.

The two largest healthcare data breaches of the year to date and seven of the top ten healthcare data breaches of 2017 were due to hacking. A network server was compromised in all of those incidents. The largest hacking incident of 2017 impacted 85,995 patients of VisionQuest Eyecare of Indiana. The second largest incident, which impacted 79,930 individuals, was reported by Emory Healthcare and involved a hacked MongoDB database.

Hacked Network Server Discovered by CA-Based Tarleton Medical

The latest hacking incident affects Rancho Mirage, CA-based Tarleton Medical. On January 6, 2017, the medical practice run by Dr. Harold Tarleton, MD, discovered a server had been inappropriately accessed. Upon discovery of the security breach, prompt action was taken to isolate the server and secure patient data. A third-party computer forensics firm was brought in to conduct an investigation to determine the extent of the breach.

On February 2, 2017, the forensics firm determined that the server had been inappropriately accessed by a third party and the PHI of patients was potentially viewed. Information stored on the hacked server included names, addresses, birth dates, healthcare claims information and Social Security numbers.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A breach notice has been submitted to the California attorney general’s office and the Department of Health and Human Services Office for Civil Rights. The latter notification indicates 3,929 individuals have been impacted by the breach, all of whom have been offered identity theft protection and credit monitoring services without charge for a period of 12 months.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist