HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data Breaches Reported by University of Maryland Faculty Physicians and Highpoint Foot & Ankle Center

University of Maryland Faculty Physicians Inc. (FPI) has suffered a phishing attack in which the protected health information of patients of University of Maryland Medical Center (UMMC) may have been accessed by unauthorized individuals.

FPI is the faculty practice plan for University of Maryland School of Medicine affiliated physician practice groups and provides support to physicians and staff who provide services at UMMC locations.

Following the discovery of the unauthorized accessing of an FPI email account, the account was secured and a comprehensive investigation was conducted to determine the nature and scope of the breach. On May 26, 2020, FPI determined the email account was accessed by an unauthorized individual between February 6, 2020 and February 11, 2020. The email account contained the protected health information of 33,896 individuals.

The types of information in the account varied from patient to patient and may have included the following data types in addition to patient names: Date of birth, medical record number, and clinical information related to the care received at a UMMC location or from an FPI-affiliated physician. A small number of Social Security numbers were also found in emails and email attachments. No evidence was uncovered suggesting patient data was viewed or obtained by the attacker.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

FPI and UMMC have conducted a review of policies and procedures and steps have been taken to improve email security to prevent further breaches in the future.

Records of 25,554 Patients of Highpoint Foot & Ankle Center Potentially Compromised

Highpoint Foot & Ankle Center in Chalfont, PA has discovered an unauthorized individual conducted a remote access attack and gained access to systems containing 25,554 patient records. The security breach was detected on May 20, 2020 and prompt action was taken to prevent further unauthorized system access.

An internal investigation was immediately launched which revealed the hacker had access to patient records that contained patient names, addresses, dates of birth, phone numbers, Social Security numbers, and diagnosis and treatment information. While unauthorized access was confirmed, no evidence was found that indicated patient information was viewed or copied and no reports have been received suggesting patient data has been misused.

Highpoint Foot & Ankle Center has implemented additional safeguards to prevent further security breaches and has offered affected patients complimentary membership to credit monitoring and identity theft protection services through MyIDCare.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.