HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Piedmont Cancer Institute Phishing Attack Impacts 5,000 Patients

Piedmont Cancer Institute (PCI) in Atlanta, GA is notifying 5,226 patients that some of their protected health information may have been viewed or obtained by an unauthorized individual who gained access to the email account of one of its employees.

Assisted by a third-party cybersecurity firm, PCI determined the email account was compromised for more than a month, with the unauthorized individual first accessing the account on April 5, 2020. The account was secured on May 8, 2020.

A review of the compromised account concluded on August 8, 2020 and revealed it contained a variety of protected health information. In addition to names, affected patients had one or more of the following data elements exposed: date of birth, medical information such as diagnosis and treatment information, financial account information, and/or credit/debit card number.

To prevent further breaches, PCI has implemented multi-factor authentication on its email accounts and has provided further training to the workforce on email security.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Potential Data Breach Discovered by McLaren Oakland Hospital

McLaren Oakland Hospital in Pontiac, MI has discovered the protected health information of 2,219 patients has been exposed and may have been accessed by unauthorized individuals.

On July 10, 2020, McLaren Oakland became aware that a computer desktop file contained an unauthorized and unsecure link to a file containing the protected health information of current and former patients.

No evidence was found to indicate any of the PHI in the file had been viewed by unauthorized individuals and no reports have been received indicating any misuse of patient information. Affected individuals have been advised to monitor their accounts and credit reports for any sign of misuse of their information as a precaution. Affected individuals have also been offered complimentary membership to identity theft protection and monitoring services.

Upon discovery of the PHI exposure, the link was disabled. The investigation revealed the link had been inadvertently rendered insecure by an employee. McLaren Oakland has reviewed its policies and procedures with staff and additional training on patient privacy and data security has been provided to employees.

Patient Records Stolen from Edmonds, WA Health and Wellness Clinic

The Health and Wellness Clinic in Edmonds, WA, a provider of “natural medicine and physical care solutions,” has suffered a break-in in which patient records were stolen.

A storage room located off the massage suite at the clinic and had a locked external door which was forced open by a burglar over the weekend of August 29-30. The room appeared to have been searched, papers had been removed from some of the files, and a box of files was discovered to be missing. The stolen records contained information such as names, dates of birth, Social Security numbers, health histories, and treatment information.

The break-in was reported to the police department which conducted an investigation that has resulted in the identification of a suspect and the box of stolen records has now been recovered. It is currently unclear how many records were taken from the clinic.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.