Data Breaches at St. Margaret’s Health Spring Valley, Pitkin County, Colorado, and HarborChase Nursing Home

St. Margaret’s Health Spring Valley in Illinois is looking into a cyberattack that happened on February 20/21, 2021. The hospital’s IT team discovered the security breach on February 21. To control the breach, the hospital had to shut down its computer system and all internet-based programs such as email and its patient website.

The hospital implements a security system to safeguard against attacks and data breaches. It is presently uncertain how the attackers bypassed those systems. Third-party cybersecurity specialists are now helping with the investigation and mitigation efforts.

St. Margaret’s Health had created and trained for emergency situations such as computer downtime operations. And so the hospital has quickly switched to using pen and paper to record patient data. While the email system is down, the hospital is using telephone and fax for communication. It is at the moment uncertain how many hours or days the systems will be unavailable.

The cyberattack didn’t impact the computer networks of St. Margaret’s Peru, since those computer systems are not yet synchronized with St. Margaret’s Spring Valley. The hospital continues to provide patient care; nonetheless, diagnostic imaging procedures were transferred to St. Margaret’s Peru at the moment while remediating the security breach.

Since the investigation of the breach is still in its early phases, there is no evidence found yet that suggests the compromise of any patient data.

Exposure of COVID-19 Contact Tracing Information of Residents of Pitkin County, Colorado

The personal data of 1,454 locals of Pitkin County, CO was disclosed on the internet and it’s possible that unauthorized persons may have accessed them. The data exposure was because of an error that happened during the setup of the county’s COVID-19 contact tracing system.

The following types of data were exposed: names, birth dates, employer data, date of start of COVID-19 symptoms, date, and kind of COVID-19 test obtained, test results, whether the persons had a flu jab, details on school and childcare utilized by persons, and whether the persons had any primary health issues. The data was publicly accessible online from October 1, 2020 to December 14, 2020.

A problem happened while setting up the software that is used to transfer the data to the website. The error caused certain fields to be made accessible. Although it isn’t possible to find out if unauthorized individuals accessed any data in the period it was viewable, the county thinks a number of people might have acquired the data.

Pitkin Country is giving free credit monitoring and identification restoration services for 12 months to affected persons.

Documents With PHI of HarborChase Nursing Home Residents Thrown in Florida Streets

Documents that contain the PHI of residents of the HarborChase senior living facility located in Mandarin, Jacksonville, FL were seen thrown around the streets of St. John’s County. According to First Coast News, residents who found the paperwork reported the privacy breach. Some of the documents contained sensitive data like names, addresses, prescription details, and Social Security numbers.

A number of the data belong to patients of Guardian pharmacy. They were alerted about the breach and then informed HarborChase. A First Coast News report revealed that HarborChase is inquiring about a document shredding firm it hired to safely dispose of documents with patient data. HarborChase stated that it gave instructions regarding the safe disposal of all the documents.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at