Misconfiguration Resulted in Exposure of the PHI of 65,000 Mobile Anesthesiologists Patients

Mobile Anesthesiologists has recently discovered a limited amount of patients’ protected health information (PHI) has been exposed due to a technical misconfiguration. The error was determined to have occurred prior to December 14, 2020, and made PHI such as names, health insurance information, date of service, medical procedure, and dates of birth publicly accessible.

An investigation into the error was concluded on January 28, 2021 and confirmed that the PHI of 65,403 individuals had been exposed. While the PHI could potentially have been accessed by unauthorized individuals, no evidence of unauthorized data access or PHI misuse was discovered. Affected individuals were notified by mail starting March 10, 2021.

Haven Behavioral Healthcare Announces Breach of Systems Containing Patient Data

Haven Behavioral Healthcare, a Nashville, TN—based operator of 7 licensed, acute care behavioral hospitals, has discovered unauthorized individuals gained access to its computer network and potentially viewed and exfiltrated patient data.

A potential breach was identified on or around September 27, 2020, when unusual activity was detected in certain systems. Third party forensics experts were engaged to investigate and identify the source of the activity. The investigation confirmed that Haven had suffered a breach between September 24 and September 27, 2020.

A review of files in the affected systems was conducted and it was confirmed on January 27, 2021 that patient information may have been compromised. It took until March 11, 2021 to obtain up to date contact information for the 21,714 affected patients. Notifications were sent to those individuals from March 23, 2021.

Haven was not able to determine if any of the files containing protected health information were accessed during the 3-day security breach. The breach involved names, dates of birth, medical histories, treatment information, provider information, patient identification numbers, and health insurance information.

It is unclear how many of Haven’s hospitals have been affected by the breach. Breach notices have been published by Haven Behavioral Hospital of Philadelphia, Haven Behavioral Hospital of Eastern Pennsylvania, Haven Behavioral Hospital of Dayton, and Haven Behavioral Hospital of Albuquerque.

Email Error Results in Unauthorized Disclosure of Heart of Texas Community Health Center Patients

Heart of Texas Community Health Center has discovered the protected health information of a limited number of patients has been exposed.

An email containing patient data was sent to individuals authorized to view the information, but the email was sent to an account that was outside the protection of the firewall so could potentially have been intercepted as the email was not encrypted.

The email only included an email address and indicated the email account holder was overdue a pap smear. No names or other information were included in the email. The email only related to female patients aged 21 to 65 years of age who were seen at a Heart of Texas Community Health Center site between September and December 2020.

No reports have been received to indicate the email was intercepted or otherwise accessed by unauthorized individuals.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.