Email Incidents Affect Patients of Winter Haven Hospital & The Kennedy Collective
Patient and Employee Data Exposed in Phishing Attack on The Kennedy Collective
The Kennedy Collective, a Trumball, CT provider of disability services formerly known as The Kennedy Center, has fallen victim to a phishing attack that exposed patient and employee data. An employee responded to a phishing email and disclosed their credentials, which allowed the attacker to access the employee’s email account. The account has been secured; however, the review of emails and attachments revealed they contained personal health information, and for a subset of those individuals, Social Security numbers and driver’s license information.
The breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 851 individuals. It is unclear how many employees have been affected. All affected individuals have been notified by mail and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. The Kennedy Collective has taken steps to improve email security and has provided additional anti-phishing training to the workforce.
Employee Error Results in Impermissible Disclosure of Winter Haven Hospital Patients’ Data
BayCare’s Winter Haven Hospital in Florida is alerting patients about an email incident that resulted in an impermissible disclosure of patient data. On March 15, 2024, an employee made a mistake when emailing forms to a patient and accidentally attached a cardiac rehabilitation department file to the email that contained patient data. The file included patient names, dates of birth, the procedure requiring cardiac rehab, date of service, and, in some cases, email addresses, and/or phone numbers.
The error was rapidly identified, and the patient was contacted and agreed to delete the file. Winter Haven Hospital has no reason to believe that the file will not be deleted or that there will be any misuse of the disclosed information. Notification letters were mailed to the affected individuals on May 8, 2024. Winter Haven Hospital said it has taken corrective actions to prevent similar errors in the future, including adding additional access security to the file. The incident has been reported to regulators, although it is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
