233,000 Patients Notified About PHI Breach at Genetic Testing Lab


Ambry Genetics, an Aliso Viejo, CA-based genetic testing laboratory, is notifying 232,772 individuals that some of their protected health information was exposed as a result of a recent email security breach. At almost 233,000 records, this is the second largest healthcare data breach to be reported in 2020.

Ambry Genetics discovered an unauthorized individual gained access to an employee’s email account between January 22 and January 24, 2020 and potentially viewed and obtained the protected health information of its customers. The security team and third-party computer forensics experts were unable to determine if any information in the compromised accounts was accessed or stolen, but no reports have been received to suggest any personal information has been misused.

The email accounts were reviewed and found to contain information such as names, medical information, and other information related to the services provided by Ambry Genetics. A small number of individuals also had their Social Security number exposed.

Ambry Genetics has taken steps to enhance security, and further training on email security is being provided to its employees.

Former Arizona Endocrinology Center Physician Takes PHI of 74,000 Patients to New Employer

Arizona Endocrinology Center is alerting 74,122 patients that some of their protected health information has been impermissibly disclosed to another medical group by a physician after he left the practice.

Before Dr. Dwivedi left Arizona Endocrinology Center, he downloaded patient data and disclosed the information to his new employer, More MD. Patient names, telephone numbers, addresses, medical record numbers, and the names of patients’ primary doctors were downloaded from the EHR. No Social Security numbers, health insurance information, or financial data were obtained by Dr. Dwivedi.

Arizona Endocrinology Center learned of the incident on February 17, 2020 when patients started reporting they had received text messages from More MD advising them that Dr. Dwivedi had moved to the medical group. More MD also advertised its services in the text messages. The breach investigation revealed the data was downloaded on January 12, 2020.

Arizona Endocrinology Center has told its patients that it has no business relationship with More MD and Dr. Dwivedi no longer works for the practice, so it has been difficult to obtain solid assurances that patient data has now been deleted and will not be used. The practice explained on its website that “our patients and their families are free to contact Dr. Dwivedi and More MD directly to ask them about their personal information.”

Author: HIPAA Journal
