
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Email Breaches Reported by MedStar Health, Bluebonnet Trails Community Services, Bluegrass Care Navigators

MedStar Health is notifying more than 118,000 patients about an email security incident that exposed their protected health information. Email accounts have also been compromised at Bluebonnet Trails Community Services and Bluegrass Care Navigators.

MedStar Health

MedStar Health, a non-profit healthcare provider that operates 10 hospitals in the Baltimore-Washington area, said hackers gained access to its network and may have obtained the protected health information of 183,000 patients, including names, addresses, dates of birth, dates of service, provider names, and health insurance information.

MedStar Health did not say when the unauthorized access was first detected but confirmed that the email accounts of three employees were accessed by unauthorized individuals intermittently between January 2023 and October 2023. MedStar Health said it has no reason to believe that patient data was accessed or acquired, but it was not possible to rule out data theft with a high degree of certainty. As required by HIPAA, MedStar Health had implemented technical, physical, and administrative safeguards to ensure the confidentiality of patient data, and since the breach has augmented those safeguards to prevent similar breaches in the future. The affected individuals were notified by mail on May 3, 2024.

Bluebonnet Trails Community Services

Bluebonnet Trails Community Services, a provider of mental health and developmental disabilities services in central Texas, has experienced a breach of its email environment. Unauthorized activity was detected in its email environment on or around October 4, 2023. Passwords were reset to prevent further unauthorized access, and third-party cybersecurity experts were engaged to investigate the incident. The investigation confirmed that a small number of employee email accounts had been accessed by an unauthorized third party between July 20, 2023, and October 6, 2023. The accounts were reviewed to determine the types of information that had been exposed, and that process was completed on February 26, 2024.


Bluebonnet Trails Community Services said 76,165 individuals had some of their protected health information exposed, including names in combination with one or more of the following: date of birth, Social Security number, driver’s license or state identification number, financial account number, medical information, health insurance information, full-access credentials, and government-issued identification number. Bluebonnet Trails Community Services has reviewed its policies and procedures relating to data privacy and security and has implemented additional safeguards to prevent similar incidents in the future.

Bluegrass Care Navigators

Hospice of the Bluegrass, Inc., doing business as Bluegrass Care Navigators, has reported a data security incident involving the protected health information of 2,282 individuals. The Kentucky home healthcare provider and hospice operator identified unauthorized access to an employee’s email account on March 4, 2024. The forensic investigation found no evidence of access to its network, electronic health records, or other employee email accounts. The compromised account was reviewed and was found to contain information such as patient names and health insurance information. Bluegrass Care Navigators said it has implemented additional safeguards to improve email security.

Email breaches are commonly reported by HIPAA-regulated entities, and while it is not possible to completely eliminate risk, it is possible to reduce risk to a low and acceptable level by making your email HIPAA-compliant, providing security awareness training to the workforce, and implementing phishing-resistant multi-factor authentication.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
