HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Server Compromise at Tarleton Medical: PHI Potentially Accessed

Hacking continues to be a leading cause of healthcare data breaches. There have been 55 data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) as of March 13, 2017, a quarter of which were attributed to hacking. While unauthorized access/disclosure is the leading cause of healthcare data breaches in 2017 with 44% of the total number of reported breaches, hacking incidents have exposed more records. 260,277 patient and health plan member records have been compromised in hacking incidents – 60% of the total number of healthcare records exposed in 2017.

The two largest healthcare data breaches of the year to date and seven of the top ten healthcare data breaches of 2017 were due to hacking. A network server was compromised in all of those incidents. The largest hacking incident of 2017 impacted 85,995 patients of VisionQuest Eyecare of Indiana. The second largest incident, which impacted 79,930 individuals, was reported by Emory Healthcare and involved a hacked MongoDB database.

Hacked Network Server Discovered by CA-Based Tarleton Medical

The latest hacking incident affects Rancho Mirage, CA-based Tarleton Medical. On January 6, 2017, the medical practice run by Dr. Harold Tarleton, MD, discovered a server had been inappropriately accessed. Upon discovery of the security breach, prompt action was taken to isolate the server and secure patient data. A third-party computer forensics firm was brought in to conduct an investigation to determine the extent of the breach.

On February 2, 2017, the forensics firm determined that the server had been inappropriately accessed by a third party and the PHI of patients was potentially viewed. Information stored on the hacked server included names, addresses, birth dates, healthcare claims information and Social Security numbers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

A breach notice has been submitted to the California attorney general’s office and the Department of Health and Human Services Office for Civil Rights. The latter notification indicates 3,929 individuals have been impacted by the breach, all of whom have been offered identity theft protection and credit monitoring services without charge for a period of 12 months.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.