Share this article on:
Almost 3,400 patients of Children’s Hospital Colorado are being notified that some of their protected health information has potentially been accessed by an unauthorized individual who gained access to the email account of a staffer.
The incident was discovered by the Aurora, CO hospital on July 11, 2017, prompting a full investigation to determine the scale and scope of the breach. A third-party computer forensics firm was hired to assist with the investigation to help identify how access to the email account was gained, whether any other systems had been compromised, and to identify any actions taken by the attacker.
An analysis of data in the email account showed a limited amount of PHI was potentially compromised, including names, addresses, dates of birth, telephone numbers, medical diagnoses, treatment information and other clinical information. No financial information, insurance details, Social Security numbers or other highly sensitive data were exposed.
The investigation confirmed the breach was limited to a single email account and its EHR was not affected. While access to the email account was possible, the investigation uncovered no evidence to suggest any emails were accessed no that any PHI was viewed. Children’s Hospital Colorado also said no reports have been received to suggest any information has been misused in any way.
Children’s Hospital Colorado said, “Protecting the security and confidentiality of patient personal and medical information is of the utmost importance.” To prevent future incidents of this nature from occurring, existing safeguards have been enhanced and a review of its systems is underway to identify any additional controls that can be implemented to further protect patient health information.
Notifications were sent to all affected individuals by mail on Friday and the incident has been reported to appropriate authorities, including the Department of Health and Human Services’ Office for Civil Rights.