The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Prisma Health Website Breach Potentially Impacts 22,000 Individuals

Prisma Health Midlands is notifying approximately 19,000 patients and 3,000 employees about a data breach involving the Palmetto Health website.

Prisma Health – formerly Palmetto Health – learned on August 29, 2019 that an unauthorized individual had obtained the login credentials of a Prisma Health employee. Those credentials allowed the attacker to access the Palmetto Health website, which contained volunteer registration information and patient pre-registration forms that had been completed online.

Those forms related to 6 Midlands hospitals and contained information such as names, addresses, dates of birth, limited health information and, for certain individuals, their Social Security number. No medical records or financial information were exposed. Prisma Health was not able to determine for how long the credentials were accessible.

Upon discovery of the incident, the employee’s password was changed to prevent any further unauthorized access, and policies and procedures are being updated to prevent similar breaches in the future. Affected individuals have been notified by mail, and individuals whose Social Security number was exposed have been offered complimentary credit monitoring and identity theft protection services for 12 months.

Prisma Health has suffered multiple privacy breaches this year. In April, Prisma Health announced it had been the victim of a phishing attack that saw the email accounts of several employees accessed by an unauthorized individual. The PHI of 23,811 individuals was exposed as a result of the attack. A further privacy breach was announced in July when a notebook containing the PHI of OB/GYN patients from its Richland Campus in Columbia was discovered to have been stolen from a physician’s car. Information on up to 2,770 individuals was recorded in the notebook.

Seattle Cancer Care Alliance Email Error Exposed Patients’ Email Addresses

944 patients of Seattle Cancer Care Alliance (SCCA) have had their email addresses exposed to other patients as a result of an error by a member of staff when sending an August 27, 2019 email invitation.

Rather than adding email addresses to the blind carbon copy (BCC) field, thus shielding the recipients’ email addresses from each other, the email addresses were added to visible fields and could be seen by all individuals who received the email invitation. No other information was disclosed.

SCCA is now evaluating its systems, policies and procedures, and safeguards will be implemented to prevent similar breaches in the future. Notification letters were sent to affected patients on October 16, 2019.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
