Cedar Springs Hospital located in Colorado Springs, CO is sending notification to a number of patients regarding the loss of a portable storage device that contained some of their protected health information (PHI) last October 2020. The hospital provided a copy of selected patient data stored on an external storage unit to the Colorado Department of Public Health and Environment upon their request as part of a survey. However, a Colorado health department surveyor misplaced the storage unit.
The policy of the state health department requires the encryption of data saved on external storage devices; however, Cedar Springs Hospital found out on October 28, 2020 that the device was not encrypted. As a result, protected health information like names, addresses, birth dates, Social Security numbers, patient ID numbers, medical record numbers, diagnoses, treatment details, location of treatment, dates of treatment, treating physician, and prescription data can potentially be accessed by unauthorized people.
An evaluation of the information on the device was finished on November 9, 2020 and affected persons are now being informed about the incident. Additional security procedures are being put in place to avoid any similar occurrences that expose patient details.
Konikoff Dental Associates Discover Unauthorized Network Access
Konikoff Dental Associates, also known as Konikoff Dental Associates Harbour View, uncovered that an unauthorized individual obtained access to its computer network and possibly viewed or copied patient records.
On October 11, 2020, Konikoff Dental Associates identified suspicious activity on its system and immediately investigated the incident to find out the magnitude and nature of the incident. With the help of third-party forensic professionals, it was established that unauthorized people got access to certain files on the network that included patient data.
As per the investigation, the breach happened from September 18, 2020 to October 13, 2020. An analysis of the files revealed that they contained names, addresses, patient account numbers, dental diagnoses and treatment data, billing details, dentists’ names, health insurance data, and bank account numbers.
There was no report received concerning the misuse of patient information, and although files were accessed, there was no particular evidence that indicates the actual viewing or acquisition of patient information.
Konikoff Dental Associates already enhanced the training of workers on data security and is conducting a review of system security. Extra security measures will be enforced, if necessary to strengthen security.
Travis County Health District Cyberattack Investigated
Central Health in Texas is looking into a cyberattack that impacted Travis County Health District. On December 4, the organization detected a security occurrence involving computer server hacking. An investigation is presently in progress to know the magnitude and scope of the data breach, and whether there was a compromise of PHI.
Forensic experts were engaged to evaluate the software program, hardware, and data affected. At this point, it seems that there was no compromise of the employee or patient information. More data on the breach will be disclosed when the investigation ends.