HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

20K Patients of Pasquotank-Camden Emergency Medical Services Impacted by Server Hack

Pasquotank-Camden Emergency Medical Services (PCEMS) has discovered hackers have infiltrated a server that housed its billing system, which contained the protected health information of 20,420 patients.

As a result of the intrusion, the hackers potentially gained access to the highly sensitive information of individuals who had previously received medical services from PCEMS.

The types of information stored on the server included names, birth dates, Social Security numbers, and some medical information that had been collected by PCEMS.

The breach was reported immediately to the Sheriff of Pasquotank County and federal law enforcement agencies, who determined that the hackers were based outside the United States. No evidence was found to indicate patients’ protected health information was stolen and at the time of issuing notification letters to patients, no reports had been received to suggest patient information had been misused.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Since data theft could not be ruled out, PCEMS has offered all affected patients 12 months of free credit monitoring and identity theft protection services through ID Experts. Affected patients will also be covered by a $1,000,000 insurance reimbursement policy. Enrollment in these services is not automatic. Patients have until May 26, 2019 to register for the services.

PCEMS is now reviewing its cybersecurity protections and will be taking steps to enhance cybersecurity to prevent similar breaches in the future.

Oklahoma Heart Hospital Notifies Patients of Potential ePHI Breach

Oklahoma Heart Hospital is notifying 1,221 patients that some of their protected health information was stored on desktop computers that were stolen in January.

Four desktop computers were stolen from the outpatient clinic at Mercy Hospital in Oklahoma City, OK. Oklahoma Heart Hospital was in the process of relocating those offices when the theft occurred.

The stolen computers were not encrypted so patient information could potentially be accessed by the thieves. Patient information on the computers was present in stored email messages that had been sent between hospital employees and was limited to names, addresses, phone numbers, dates of birth, and clinical information such as blood pressure logs and lab values. Medical records are stored on a secure server and were not exposed.

Oklahoma Heart Hospital has now revised its policies and procedures to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.