Eastern Idaho Public Health Discovers Insider Data Breach
Eastern Idaho Public Health has discovered an insider data breach, Pacific Pulmonary Medical Group has identified unauthorized access to its scheduling software, and Ingham County Medical Care Facility (Dobie Road) said patient data was accessed in a security incident at its electronic health records portal manager.
Eastern Idaho Public Health Discovers Insider Data Breach
Eastern Idaho Public Health has started notifying certain patients that one of its former employees has accessed their medical records without authorization. When unauthorized access to medical records was suspected, a review was conducted of the employee’s access logs and interviews were conducted with staff members.
The employee was discovered to have viewed patient records, specifically patient clinic notes. The information potentially viewed included health screening information, patient histories, assessments, orders, and test results. Eastern Idaho Public Health was able to confirm that copies of the records had not been made and Eastern Idaho Public Health is confident that the information in the medical records has not been used for malicious purposes and there are no indications that any of that information will be misused in the future.
When unauthorized medical record access was confirmed, the staff involved was terminated and education about access to medical records under HIPAA was reinforced with employees. The HHS’ Office for Civil Rights breach portal indicates that 759 individuals were affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Compromised Credentials Used to Access Pacific Pulmonary Medical Group’s Scheduling Software
Pacific Pulmonary Medical Group (PPMG), a Riverside, CA-based medical group of pulmonary, sleep, critical care, and thoracic surgeons, has notified the California Attorney General about unauthorized access to its scheduling software. The unauthorized access was detected on or around October 22, 2024. An employee’s credentials for its third-party scheduling software had been compromised and were used by an unauthorized individual to access the system between October 21, 2024, and October 22, 2024.
There is currently no substitute notice on the PPMG website, and the breach notice sent to the California attorney general includes mail merge fields rather than the types of data involved. Individual notification letters will state the exact types of data involved. The affected individuals have been offered complimentary credit monitoring services. The breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 12, 723 individuals.
Ingham County Medical Care Facility (Dobie Road) Affected by EHR Portal Manager Data Breach
Ingham County Medical Care Facility, doing business as Dobie Road, has recently confirmed that the protected health information of 3,078 patients has been compromised in a data breach at one of its business associates. Dobie Road’s third-party electronic health records portal manager experienced a security breach on or around September 19, 2024, and the investigation confirmed there had been unauthorized access to the data of current and former patients. The compromised information varied from individual to individual and may have included names addresses, and Social Security numbers. Individual notification letters were mailed to the affected individuals by Dobie Road on December 27, 2024.
