Oklahoma State University Center for Health Sciences Informs Patients of PHI Breach

Share this article on:

Oklahoma State University Center for Health Sciences (OSUCHS) has discovered an unauthorized individual has gained access to parts of its computer network and potentially accessed files containing billing information of Medicaid patients.

The security breach was discovered on November 7, 2017 with access to the network terminated the following day. Third party computer forensics experts were called upon to conduct a comprehensive investigation to determine which parts of the network had been accessed, and whether patient health information had been accessed or stolen.

The investigation confirmed that patient health information could potentially have been viewed, although it was not possible to determine whether patient information had been accessed or stolen. OSUCHS reports that it has not received conclusive information to suggest any patient information has been misused.

Out of an abundance of caution, all individuals potentially impacted by the incident have been notified of the breach by mail and advised that they should be alert to the possibility that their personal information could potentially be misused.

OSUCHS says medical records were not compromised and the breach was limited to names, healthcare provider names, Medicaid numbers, dates of service, and a limited amount of treatment information. Only one Social Security number was present on the compromised server.

The breach has prompted OSUCHS to conduct a review of security protections and additional measures have now been implanted to better protect patient information in the future.

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal so it is currently unclear exactly how many individuals have been impacted.

Author: HIPAA Journal

Share This Post On