Lost Storage Device Contained Unencrypted PHI of Cedar Springs Hospital Patients

Cedar Springs Hospital in Colorado Springs, CO is notifying certain patients that some of their protected health information was stored on a portable storage device that was lost in October 2020. The Colorado Department of Public Health and Environment had sent a request to the hospital to provide a copy of certain patient records on an external storage device as part of a survey. The information was provided, but the storage device was misplaced by a Colorado health department surveyor.

The state health department has a policy that requires data on external storage devices to be encrypted; however, Cedar Springs Hospital learned on October 28, 2020 that the device was not encrypted. Consequently, protected health information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, patient ID numbers, diagnoses, treatment information, dates of treatment, treatment location, treating physician and prescription information could potentially be accessed by unauthorized individuals.

A review of the data on the device was completed on November 9, 2020 and affected individuals are now being notified. Additional safeguards are being implemented to prevent any further incidents of this nature from exposing patient information.

Konikoff Dental Associates Discover Unauthorized Network Access

Konikoff Dental Associates, d/b/a Konikoff Dental Associates Harbour View, has discovered an unauthorized individual gained access to its computer network and potentially viewed or obtained patient information.

Suspicious activity was identified on its network on October 11, 2020 and an investigation was immediately launched to determine the extent and nature of the breach. Assisted by third-party forensic specialists, it was determined that unauthorized individuals had accessed certain files on the network that contained patient information.

The investigation confirmed the breach occurred between September 18, 2020 and October 13, 2020. A review of the files revealed they contained individuals’ names, addresses, dental diagnoses and treatment information, patient account numbers, billing information, dentists’ names, bank account numbers, and health insurance information.

No reports have been received that suggest patient data has been misused, and while files were accessed, no specific evidence was found to indicate patient information was actually viewed or obtained.

Staff training on data security has now been enhanced and a review of system security is being conducted. Additional safeguards will be implemented, as appropriate, to improve security.

Central Health Investigates Travis County Health District Cyberattack

Central Health in Texas is investigating a cyberattack that has affected Travis County Health District. A security incident was detected on December 4 involving unauthorized access on a computer server. An investigation is currently underway to determine the extent and scope of the breach, and whether protected health information has been compromised.

Forensic specialists have been engaged to analyze the software, hardware, and data affected. At this stage in the investigation, it does not appear that employee or patient data has been compromised. Further information on the breach will be shared at the conclusion of the investigation.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.