PHI Exposed in Security Incidents at Georgia Pines CSB & Ballad Health
Security incidents have recently been reported by Georgia Pines CSB and Ballard Health, which have involved the protected health information (PHI) of 28,295 individuals.
Ballad Health Discovers Breach of Employee Email Account
Ballard Health, an integrated community health improvement organization serving communities in the Appalachian Highlands in Northeast Tennessee, Southwest Virginia, Northwest North Carolina, and Southeast Kentucky, has recently discovered an unauthorized individual has accessed the email account of one of its employees.
Suspicious activity was detected in the email account of an employee on or around January 13, 2022. The email account was immediately secured, and a forensic investigation was conducted to determine the nature and scope of the breach. On February 17, 2022, it was determined that the email account was accessed for a short period by an unauthorized individual who may have viewed or acquired information in the account.
A review of the emails in the account confirmed on March 16, 2022, that they included the protected health information of 4,295 patients, such as names, dates of birth, medical histories, medical conditions, treatment information, medical record numbers, diagnosis codes, and patient account numbers. It was not possible to tell which emails, if any, had been viewed or obtained.
Get The Checklist
Free and Immediate Download
HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
Ballard Health said it will continue to educate the workforce on the importance of security measures that must be taken by employees to protect its email system.
Laptops Stolen from Georgia Pines Community Service Board
Two laptop computers containing the protected health information of up to 24,000 patients were stolen in a break-in at Georgia Pines Community Service Board (CSB) at some point between April 6 and April 7, 2022. Georgia Pines CBS staff discovered the break-in at its main campus on the morning of April 7, 2022.
The laptops contained files that included protected health information such as names, addresses, Social Security numbers, and medical records. No evidence has been found to indicate any information on the laptops has been viewed or misused by unauthorized individuals, but unauthorized access and misuse cannot be ruled out.
Notification letters started to be sent to affected individuals on April 7, 2022.