The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Incidents Reported by Randolph Health & Rutgers Robert Wood Johnson Medical School

Posted By on Apr 15, 2024

Randolph Health and Rutgers Robert Wood Johnson Medical School have recently reported email incidents involving the unauthorized access/disclosure of patient information.

Randolph Health

American Healthcare Systems LLC, doing business as Randolph Health in North Carolina, discovered a compromised employee email account on February 14, 2024. The email account was immediately secured to prevent further unauthorized access and third-party cybersecurity experts were engaged to investigate the incident. The investigation confirmed that the breach was limited to a single email account, and the review of the account confirmed that files were present that contained the protected health information of 899 patients.

The exposed data included full names, dates of birth, medical record numbers, health insurance identification numbers, and diagnosis codes. Randolph Health said it was not possible to tell if any of those files were accessed or acquired, so notification letters were sent to all potentially affected individuals. Randolph Health said it is committed to maintaining the privacy of personal information and has taken additional steps to improve security and will continue to evaluate its security practices.

Rutgers Robert Wood Johnson Medical School

Rutgers Robert Wood Johnson Medical School in New Brunswick, NJ, has identified an email incident involving the protected health information of 543 patients. On February 1, 2024, the medical school discovered a former employee had emailed patient data from their work email account to a personal email account. Several files had been emailed that included spreadsheets containing patient data, including patient names, medical record numbers, treatment information, and prescription information. The information was sent to the personal email account on January 19, 2024.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The affected individuals were notified by mail on April 1, 2024, and the matter has been reported to law enforcement for investigation and appropriate action. The affected individuals have been advised to monitor the statements they received from their healthcare providers and health insurance plan for any services that were not received, and if they are found, to report it to the relevant provider or health plan.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist