Patient Information Compromised at Phoenixville Hospital, Family Practice Center, and Southwest Health Center
Phoenixville Hospital Fires Employee for HIPAA Violation
Phoenixville Hospital in Pennsylvania has recently fired an employee for accessing the medical records of patients without authorization. According to the hospital operator, Tower Health, the unauthorized access was discovered during a routine audit of medical record access logs.
An employee was discovered to have accessed the medical records of 934 patients without authorization between October 2021 and May 2022, when there was no legitimate work reason for viewing those records. When the privacy violation was discovered, the employee was immediately suspended pending an internal investigation and was later fired for the HIPAA breach.
The employee viewed names, addresses, dates of birth, appointment dates, diagnoses, vital sign information, medications, test results, and physicians’ notes. Some of the accessed records included partial Social Security numbers and health insurance information. Tower Health said additional training has been provided to the workforce regarding patient privacy and the accessing of medical records.
Family Practice Center Reports October 2021 Hacking Incident
Family Practice Center in Pennsylvania has recently started sending notification letters to patients whose protected health information was exposed in an October 2021 cyberattack. According to the substitute breach notice on its website, an attempt was made to shut down its computer systems on October 11.
An investigation was launched and on May 21, 2022 – 7 months after the discovery of the attack – it was determined that some of the files accessed in the incident included patient data such as names, addresses, medical insurance information, and health and treatment information. Patient medical records were not involved. Notification letters were sent to affected individuals on July 5, 2022. Family Practice Center said it is unaware of any misuse of patient information.
The HHS’ Office for Civil Rights breach portal indicates 83,969 individuals have been affected.
Southwest Health Center Suffers Cyberattack
The Platteville, WI-based non-profit community healthcare provider, Southwest Health Center, has recently started notifying patients about a cyberattack that was first discovered on January 11, 2022. A forensic investigation determined that an unauthorized third party accessed files containing the personal and protected health information of current and former employees, their dependents, and patients who received healthcare services at Southwest Health.
The information compromised in the breach included names, dates of birth, Social Security numbers, driver’s license or state identification card numbers, financial account numbers, medical information, and/or health insurance information. Complimentary credit monitoring and identity theft protection services have been offered to affected individuals.
The HHS’ Office for Civil Rights breach portal indicates 46,142 individuals have been affected.