Douglas County Department of Health and Human Services Discovers Insider Data Breach
The Douglas County Department of Health and Human Services in Wisconsin has discovered a former employee accessed patient records without authorization over 21 months. Richmond University Medical Center has notified patients affected by a May 2023 data breach, and Premier Healthcare Holdings has discovered a breach of its email system.
Douglas County Department of Health and Human Services Discovers Insider Data Breach
The Douglas County Department of Health and Human Services in Wisconsin has notified patients whose protected health information was accessed by a former employee without authorization. On May 13, 2024, an audit of the department records identified unauthorized access to patient information. After verifying the unauthorized access, the employee concerned was terminated and the records were reviewed to determine the types of data potentially viewed or obtained by the former employee.
The unauthorized access occurred between August 11, 2022, and May 13, 2024, and the employee may have viewed the following data types: name, address, phone number, email address, date of birth, gender, race, Social Security number, description of physical and/or mental health, medical diagnosis, medical record numbers, health plan beneficiary numbers, and vehicle identifiers. The department conducted the investigation with assistance from the State of Wisconsin and the Superior Police Department. No evidence was found to indicate that any of the viewed information had been used for identity theft, financial fraud, or any other malicious purposes.
It is currently unclear how many individuals were affected. The breach is not yet shown on the HHS’ Office for Civil Rights website, and will not be displayed if the breach affected fewer than 500 individuals. The department said it had mailed 316 notification letters; however, it could not send letters to individuals for whom the department did not hold current addresses. The department did not state many individuals without current addresses were affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Richmond University Medical Center Notifies 647K Patients About May 2023 Data Incident
Richmond University Medical Center in Staten Island, NY, has mailed individual notification letters to 674,033 patients affected by a security incident that occurred on or around May 6, 2023. Richmond University Medical Center said it uploaded a notice to its website as soon as the breach was discovered; however, it took until December 1, 2024, to complete the manual review of the affected files. Individual notification letters were mailed to the affected individuals on December 19, 2024.
Richmond University Medical Center’s electronic medical record system was not accessed; however, files on the network were viewed or obtained by an unauthorized third party that included names, Social Security numbers, dates of birth, driver’s license numbers/state identification numbers, other government identification numbers, financial account information, credit or debit card information, biometric information, user credentials, medical treatment/diagnosis information, and/or health insurance policy information. The types of data involved varied from individual to individual. Richmond University Medical Center said it is evaluating its internal controls, policies, and procedures and will modify them to enhance privacy and security.
* This section has been updated since publication to state the number of individuals affected by the data breach.
Premier Healthcare Holdings Reports Data Breach Affecting 5,500 Individuals
Premier Healthcare Holdings Inc., a Cumming, GA-based provider of dialysis staffing solutions for chronic and acute dialysis facilities, identified unauthorized activity within its email system on or around July 19, 2024. Steps were immediately taken to secure its email environment and an investigation was launched to determine the extent of the activity and whether any patient data had been exposed.
On November 22, 2024, Premier Healthcare Holdings confirmed that the email account contained a limited amount of personal information of 5,576 individuals. Individual notification letters were mailed to the affected individuals on December 20, 2024. The letters state the types of information compromised for each individual. Credit monitoring and identity theft protection services have been made available.
