5-Year Insider Data Breach at Hawaii Pacific Health Discovered

Hawaii Pacific Health found out that an employee of Straub Medical Center in Honolulu was snooping on the healthcare records of patients for over 5 years.

Hawaii Pacific Health became aware of the unauthorized access to patient records on January 17, 2020 and started an investigation. A review of the access logs showed that the first time its employee began viewing patient records was in November 2014. The snooping continued unnoticed up to January 2020. Throughout that time, the employee accessed the healthcare data of 3,772 patients. When the investigation ended, the employee was dismissed from his job.

The incident impacted patients that have gotten treatment at Kapiolani Medical Center for Women & Children, Straub Medical Center, Wilcox Medical Center or Pali Momi Medical Center. The employee might have accessed the following types of information: patients’ first and last names, phone numbers, email addresses, home addresses, birth dates, race/ethnicity, religious affiliation, medical record numbers, dates of service, primary care provider details, consultation types and corresponding notes, hospital account numbers, name of the department, names of provider, guarantor names and account numbers, Social Security numbers and health plan names.

The motive for viewing the records wasn’t established, however, Hawaii Pacific Health is convinced it was because of curiosity and not to get sensitive data for malicious reasons. Nonetheless, data theft cannot be eliminated. Hawaii Pacific Health notified all the patients whose information was viewed by the employee via mail on March 17, 2020 and offered one-year credit monitoring and identity restoration services at no cost.

Hawaii Pacific Health is going over its internal procedures and making updates to them. Additional training on patient privacy will also be provided. The health system is additionally checking out new technologies that may be implemented to determine unauthorized access of medical records and anomalous employee behavior access a lot quicker.