
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

PHI Compromised in Email Breaches at Bassford Remele & Scott County, Iowa

Email account breaches have been reported by the law firm Bassford Remele and by Scott County, Iowa. Birch Medical has identified unauthorized access to a folder on its network that contained patient data.

Email Data Stolen from Bassford Remele

The Minneapolis, MN-based law firm Bassford Remele P.A. recently disclosed a data security incident that was identified on September 4, 2024. The investigation revealed unauthorized emails were sent from a third-party application purporting to be from an employee’s email account. The email account was secured, and third-party digital forensics experts were engaged to investigate the incident. The investigation confirmed there had been unauthorized access to the email account between July 29, 2024, and September 4, 2024, during which time the unauthorized third party copied the contents of the email account.

Bassford Remele provides legal services to certain healthcare organizations, and some of the information in the account included protected health information provided by healthcare clients in connection with those services. The information varied from individual to individual and may have included names in combination with one or more of the following: contact information, dates of birth, dates of death, medical record information, diagnosis information, treatment information, provider names, Social Security numbers, driver’s license numbers, financial account information, and taxpayer information.

Individual notifications have been mailed to the affected individuals and complimentary credit monitoring and identity theft protection services have been made available. The law firm has also taken steps to strengthen security. The breach was recently reported to the HHS’ Office for Civil Rights as involving the protected health information of 4,435 individuals.


Scott County, Iowa, Reports Email Account Breach

Scott County, Iowa has recently confirmed unauthorized access to an employee’s email account. Suspicious activity was identified in a single email account on July 11, 2024, and the forensic investigation confirmed there had been unauthorized access to the account between July 10, 2024, and July 12, 2024. A comprehensive review of the account was initiated to determine whether sensitive patient information had been viewed or obtained, and that process was completed on December 31, 2024.

County officials have confirmed that the account contained the protected health information of 4,336 individuals, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information. The county is providing additional training for its workforce, is implementing further technical measures to improve email security, and is reviewing and updating its policies and procedures related to data privacy.

Birch Medical Identifies Unauthorized Network Access

Birch Medical, a provider of virtual MRI consultation services to patients, has discovered unauthorized access to parts of its network. The security breach was detected in September 2024, and it was confirmed that an unauthorized third party accessed a folder on its systems that contained patient data; however, it was not possible to determine if any of the files in that folder were accessed or copied. The file review confirmed that the information potentially accessed included names and medical information related to the services provided. Social Security numbers, government-issued ID numbers, and financial information were not accessed.

Birch Medical has implemented additional technical and administrative safeguards and is reviewing its policies and training protocols related to data protection. Individual notifications are now being mailed, and the security incident has been reported to regulators; however, it is currently unclear how many patients were affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
