6,000 Patients Notified About Email Security Breach at Beaumont Health

Beaumont Health, the largest healthcare provider in Michigan, has started notifying approximately 6,000 patients that some of their protected health information has potentially been accessed by unauthorized individuals.

On June 5, 2020, Beaumont Health learned that email accounts accessed by unauthorized individuals between January 3, 2020 and January 29, 2020 contained the protected health information including names, dates of birth, diagnoses, diagnosis codes, procedure and treatment information, type of treatment provided, prescription information, patient account numbers, and medical record numbers.

While the email accounts were accessed by unauthorized individuals, no evidence was found to suggest emails or email attachments in the accounts were viewed or copied by the attackers and no reports have been received that suggest patient data has been misused.

This is the second phishing-related breach to be announced by Beaumont Health this year. In April, Beaumont Health started notifying 112,211 individuals that some of their PHI was contained in email accounts that were breached in late 2019.

Beaumont Health has taken steps to improve its internal procedures to allow it to identify and remediate threats more rapidly in the future and additional safeguards have been implemented to improve email security, including the use of multi-factor authentication. Further training has also been provided to employees on the identification and handling of malicious emails.

Medical Files Southcare Minute Clinic

Southcare Minute Clinic in Wilmington, NC, is being investigated by the North Carolina Department of Health and Human Services over the improper disposal of medical files. The Wilmington Police Department responded to a call advising them that sensitive documents and hazardous waste had been disposed of in a regular dumpster behind the former Southcare Minute Clinic at 1506 Market St.

The dumpster was found to contain paperwork that included patient information, used needles, and other hazardous waste. The police confirmed that HIPAA Rules had been violated but determined no crime had been committed. The dumpster has since been removed and there is no longer any threat to public safety. The North Carolina Department of Health and Human Services will determine whether a financial penalty is appropriate.

Samaritan Medical Center Investigating Potential Security Breach

Samaritan Medical Center in Watertown, NY has announced it has experienced a security incident that has forced it to take its computer systems offline. Staff have switched to pen and paper while the attack is remediated and while care is still being provided to patients. No patients have been transferred to other facilities, but the decision was taken to cancel some non-urgent appointments. No further information on the exact nature of the security breach has been released at this stage.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.