HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI Exposed in Security Incidents at Georgia Pines CSB & Ballad Health

Security incidents have recently been reported by Georgia Pines CSB and Ballard Health, which have involved the protected health information (PHI) of 28,295 individuals.

Ballad Health Discovers Breach of Employee Email Account

Ballard Health, an integrated community health improvement organization serving communities in the Appalachian Highlands in Northeast Tennessee, Southwest Virginia, Northwest North Carolina, and Southeast Kentucky, has recently discovered an unauthorized individual has accessed the email account of one of its employees.

Suspicious activity was detected in the email account of an employee on or around January 13, 2022. The email account was immediately secured, and a forensic investigation was conducted to determine the nature and scope of the breach. On February 17, 2022, it was determined that the email account was accessed for a short period by an unauthorized individual who may have viewed or acquired information in the account.

A review of the emails in the account confirmed on March 16, 2022, that they included the protected health information of 4,295 patients, such as names, dates of birth, medical histories, medical conditions, treatment information, medical record numbers, diagnosis codes, and patient account numbers. It was not possible to tell which emails, if any, had been viewed or obtained.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Ballard Health said it will continue to educate the workforce on the importance of security measures that must be taken by employees to protect its email system.

Laptops Stolen from Georgia Pines Community Service Board

Two laptop computers containing the protected health information of up to 24,000 patients were stolen in a break-in at Georgia Pines Community Service Board (CSB) at some point between April 6 and April 7, 2022. Georgia Pines CBS staff discovered the break-in at its main campus on the morning of April 7, 2022.

The laptops contained files that included protected health information such as names, addresses, Social Security numbers, and medical records. No evidence has been found to indicate any information on the laptops has been viewed or misused by unauthorized individuals, but unauthorized access and misuse cannot be ruled out.

Notification letters started to be sent to affected individuals on April 7, 2022.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.