Law Enforcement Notifies Cambridge Health Alliance About PHI Breach

Share this article on:

Cambridge Health Alliance (CHA) in Massachusetts has been notified by law enforcement that the protected health information of some of its patients has been discovered in the possession of an unauthorized individual.

On January 31, 2018, Everett Massachusetts Police Department notified CHA that files containing the PHI of some of its patients had been discovered in the possession of an individual unauthorized to have the information. After being notified of the breach, CHA conducted an internal investigation into the breach and examined the files.

At least one of the files contained PHI related to billing which included patients’ names, addresses, dates of birth, Social Security numbers, employer information, charges for healthcare services, and discharge dates. The data related to billing from 2013.

According to a breach notice sent to affected individuals by the law firm BakerHostetler on behalf of CHA, the breach impacted four individuals in New Hampshire, all of whom have been offered complimentary credit monitoring and identity theft protection services through Experian.

While the breach notice states that only four individuals were impacted, the Boston Globe has reported that notification letters have been sent to approximately 2,500 patients. The details of the breach are the same apart from the number of individuals impacted.

According to the Boston Globe, CHA spokesman David Cecere confirmed that the incident is still being investigated and it is currently unclear how the information came to be stolen. Cecere said it could have been a hack or the information could have accidentally been made public.

In addition to the internal investigation, CHA has retained a computer forensics firm to provide assistance and attempt to determine exactly how the data was stolen.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On