HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattack Forces St. Margaret’s Health –Spring Valley to Shut Down Computer Systems

St. Margaret’s Health –Spring Valley in Illinois is investigating a cyberattack that occurred over the weekend of February 20/21, 2021. The security breach was detected by the hospital’s IT team on February 21, and the hospital’s computer network and all web-based applications including email and its patient portal were shut down.

The hospital had security systems in place to protect against intrusions and data breaches. It is currently unclear how those systems were bypassed. Third-party cybersecurity experts have been engaged to assist with the investigation and remediation efforts.

St. Margaret’s Health had developed and practiced computer downtime emergency operations, which have been implemented and the hospital has temporarily reverted to paper records for recoding patient information and the hospital is relying on telephone and fax for communication while the email system is out of action. It is currently unclear for how long the systems will remain offline.

The cyberattack did not affected the computer systems of St. Margaret’s Peru, as those computer systems have not yet been merged with St. Margaret’s Spring Valley. Care continues to be provided to patients; however, diagnostic imaging procedures have been temporarily transferred to St. Margaret’s Peru while the security breach is remediated.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The breach investigation is still in the early stages, but no evidence has been found so far to suggest any patient information has been compromised.

COVID-19 Contact Tracing Data of Pitkin County, CO Residents Exposed Online

The personal information of 1,454 residents of Pitkin County in Colorado has been exposed online and could potentially have been accessed by unauthorized individuals. The exposure of the data was due to an error that occurred when configuring the county’s COVID-19 contact tracing system.

The types of information exposed includes names, dates of birth, employer information, date of onset of COVID-19 symptoms, date and type of COVID-19 test taken, the results of those tests, whether individuals have had a flu jab, information on school and childcare used by individuals, and whether individuals had any underlying health conditions. The information was exposed online between October 1, 2020 and December 14, 2020.

An error occurred when configuring the software used to upload the information to the website, which failed to prevent certain fields from being rendered inaccessible. While it is not possible to determine if any information was accessed by unauthorized individuals during the time it was accessible, the county suspects some people may have downloaded the information.

Pitkin Country is offering 12 free months of credit monitoring and identification restoration services to affected individuals.

Documents Containing PHI of HarborChase Nursing Home Residents Found Scattered in Florida Streets

Documents containing the protected health information of residents of the HarborChase senior living facility in Mandarin in Jacksonville, FL have been found scattered in streets in St. John’s County. First Coast News was alerted to the privacy breach by residents who discovered the paperwork, some of which contained sensitive information such as names, addresses, Social Security numbers, and prescription information.

Some of the information related to patients of Guardian pharmacy, which was alerted to the breach and subsequently notified HarborChase. According to a report on First Coast News, HarborChase is investigating a document shredding company it contracted to securely dispose of documents containing patient information. HarborChase said all of the documents had been sent for secure disposal.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.