St. Francis Physicians Services Notifies Patients of Milestone Family Medicine Data Breach

Bon Secours St. Francis Health System is notifying patients about a security breach that may have resulted in some of their protected health information (PHI) being viewed/obtained by unauthorized individuals who gained access to the systems of Milestone Family Medicine in Greenville, SC.

Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019, and had previously employed physicians at the practice. SFPS learned of a security breach at the practice on January 4, 2019 and took steps to secure systems and prevent further unauthorized access. An investigation was launched and, assisted by a third-party computer forensics firm, SFPS determined that one of the servers that was accessed included the PHI of certain patients.

The attack appears to have targeted EHR systems that were accessible over the Internet. Internet connections providing access to Milestone Family Medicine systems that are not actively being used have been shut down.

The types of information that have been compromised include names, addresses, dates of birth, health insurance information, Social Security numbers, and information related to the medical services provided to patients.

The breach was limited to patients who had previously received medical services at Milestone Family Medicine. Breach notification letters are now being sent to affected individuals and SFPS has offered complimentary credit monitoring and identity theft protection services.

While data theft was possible, no reports have been received to indicate any patients’ PHI has been misused. Affected patients have been advised to monitor their accounts and explanation of benefits statements for indicators of fraudulent activity.

SFPS has said technology management and information security risk oversight are being enhanced to prevent any further breaches of PHI and that the decision to end the affiliation with Milestone Family Medicine was not related to the breach.

The Department of Health and Human Services’ Office for Civil Rights website indicates 32,178 Milestone Family Medicine patients have been affected by the breach.

Patient Records Potentially Accessed During Rocky Boy Health Center Break-in

Patients health records have potentially been compromised during a break-in at the offices of Rocky Boy Health Center in Box Elder, MT.  The health center discovered the break-in on January 16, 2019. Thieves are believed to have gained entry to the property on or around January 14 by forcing the door lock and padlock.

The offices contained X-Ray and dental records dating back to the 1990’s. The records contained PHI such as names, diagnosis codes, and Social Security numbers.

The break-in was reported to law enforcement and all records stored at the offices have been removed and scanned into the electronic medical record system. The physical records have now been shredded.

The records of 971 patients were stored at the offices. All affected individuals have now been notified.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.