Email Account Breaches Reported by Four HIPAA Covered Entities
Four HIPAA-covered entities have recently reported breaches of their email environments: Southern Bone & Joint Specialists in Mississippi, Connally Memorial Medical Center in Texas, Rim Country Health and Rehabilitation in Arizona, and Michigan Masonic Home.
Southern Bone & Joint Specialists
Southern Bone & Joint Specialists in southern Mississippi have reported a breach of their email environment. Unauthorized activity was identified in certain employee email accounts on May 7, 2024, and after the accounts were secured, a specialized cybersecurity firm was engaged to investigate the breach. The investigation confirmed there had been unauthorized access to the accounts and that certain files and data stored in the email environment had been accessed.
The file review was completed on August 6, 2024, and confirmed that the protected health information of 7,162 patients had been exposed. The types of information involved varied from individual to individual and may have included names, addresses, phone numbers, dates of birth, diagnosis codes, insurance policy numbers, and CPT codes. Southern Bone & Joint Specialists is offering the affected individuals complimentary credit monitoring services. At the time of issuing notifications, no reports had been received of identity theft or fraud as a result of the breach.
Connally Memorial Medical Center
Connally Memorial Medical Center in Texas has discovered unauthorized access to an employee’s email account. Its September 27, 2024, breach notice does not state when the breach occurred or for how long there had been unauthorized access to the account, only that the investigation concluded on July 29, 2024, and confirmed that the compromised account contained a limited amount of patient data.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The exposed information varied from individual to individual and may have included names in combination with one or more of the following: address, date of birth, Social Security number, driver’s license number, medical record number, patient ID or account number, Medicare or Medicaid number, health insurance information, medical diagnosis and treatment information, doctor or facility name and/or date of service. At the time of issuing notifications, no evidence had been uncovered to suggest there had been any misuse of the exposed data.
Connally Memorial Medical Center is enhancing the security measures within its network and is reviewing its current policies and procedures related to data security. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 1,228 individuals.
Michigan Masonic Home
Michigan Masonic Home, a retirement village in Alma, MI, has suffered a breach of a single employee email account. Unauthorized activity was identified in the account in July, and after securing the account, an investigation was launched to determine the nature and scope of the unauthorized activity. The investigation confirmed that there had been unauthorized access to the account from May 28, 2024, to July 18, 2024.
No evidence was found to indicate unauthorized access to protected health information within the account, but the possibility of unauthorized viewing and acquisition of data could not be ruled out. The types of data in the account included names, dates of birth, financial account information, government-issued identification numbers, driver’s license information, credit card numbers, Social Security numbers, medical insurance information, and medical information, which may include lab results, diagnoses, medical histories treatment information, patient numbers, medical record numbers, and prescription information.
Michigan Masonic Home is reviewing its policies, procedures, and processes related to the storage and access of sensitive information to reduce the likelihood of a similar future incident. The file review is ongoing, so it is unclear exactly how many individuals have been affected. The HHS’ Office for Civil Rights has been informed that at least 500 individuals were affected. The total will be updated when the account review is completed.
Rim Country Health and Rehabilitation
Rim Country Health and Rehabilitation in Arizona has reported a hacking incident to the HHS’ Office for Civil Rights that involved unauthorized access to the protected health information of 721 patients. A breach of its email environment was detected on July 16, 2024. Its systems were secured, and an investigation was launched, which confirmed that names, contact information, and medical records had been exposed. Rim Country Health and Rehabilitation has enhanced its security measures and has provided the workforce with additional cybersecurity training.
