Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services
Providence Mission Heritage Endocrinology and Samaritan Health Services have identified unauthorized access to patient data by former employees.
Providence Mission Heritage Endocrinology
In May 2024, Providence Mission Heritage Endocrinology in Mission Viejo, CA, discovered an insider breach that involved unauthorized access to clinical records. Providence launched an investigation into the activity and confirmed that the unauthorized access had been ongoing for more than three years. The first instance occurred on December 15, 2020, and it continued until May 15, 2024. The nature of the access was not disclosed; however, Providence said there is an active investigation by the California Department of Insurance.
The review confirmed that only names, State IDs, driver’s license numbers, and health insurance coverage information were accessed. Social Security numbers were not accessed; however, as a precaution, credit monitoring and identity protection services have been offered to the affected individuals for 12 months at no cost. Cambria Haydon, Chief Privacy Officer, Providence has advised the affected patients to take advantage of those services. The incident has been reported to the HHS’ Office for Civil Rights as affecting 2,000 individuals.
Samaritan Health Services
Samaritan Health Services in Oregon has announced that a physician who worked at its Lebanon Community Hospital may have accessed the protected health information of patients without authorization. An investigation was launched in November 2023, when unauthorized access was suspected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The investigation involved a review of access logs to patient records, interviews with patients and employees, and a written attestation from the physician. While many of the records accessed by the physician were for legitimate purposes, Samaritan was unable to verify the purpose of the physician’s record access for 1,296 individuals. However, there may not have been a failure of HIPAA compliance in this case.
Samaritan is confident that if the medical records of those individuals were accessed, it was not for malicious purposes and there are no indications that any patient data will be misused. As a precaution, the affected individuals have been advised to monitor their account statements and credit reports closely and should immediately report any unusual activity to the appropriate financial institution.
