Reported Data Breaches in Three Healthcare Providers

JEV Plastic Surgery & Medical Aesthetics based in Owing Mills, MD has begun informing 1,620 patients regarding the compromise of some of their protected health information (PHI) due to a security incident.

The malware was noticed which permitted an unauthorized individual to get access to systems that held protected health information.

A third-party forensic expert helped the investigation and confirmed that the malware was installed on April 30, 2021, and permitted access to its systems until June 14, 2021. A thorough analysis of files on the affected systems was performed to find out whether any patient data was viewed or acquired. It was affirmed by JEV Plastic Surgery on September 8, 2021 that files on the compromised systems included PHI like names, dates of birth, consultation notes, surgical operative records, and medical histories. JEV Plastic Surgery says it did not know of any actual or attempted misuse of personal information.

JEV Plastic Surgery is looking at its policies and guidelines and will modify them as required to enhance data security. New internal training procedures have likewise been employed to offset any risk related to this event and to better safeguard against future security breaches.

PHI of 2,753 Bryan Health Patients Compromised in Insider Breach

Bryan Health based in Lincoln, NE has uncovered an insider breach that impacted the PHI of 2,753 patients. An employee had accessed the medical records of patients on August 2021 even without valid work reasons.

The types of data viewed by the employee included names, personal data, and data saved in medical records; nevertheless, the access rights of that person didn’t allow the viewing of Social Security numbers or financial data.

The unauthorized access happened in September 2020, however, it wasn’t discovered until August 2021. Bryan Health informed all affected persons regarding the breach through the mail and stated that the employee is no longer working at Bryan Health

Billing Data of 946 UNC Health Patients Compromised

UNC Health located in Chapel Hill, NC found out that the billing details of 946 patients were potentially viewed by unauthorized people.

An internal analysis of billing fields in its electronic health records was done on September 9, 2021. One of the fields in the EHR recognizes persons authorized to view patient billing data, and any person listed in that field could access patients’ billing details. The people listed in those fields are typically family members of a patient or other persons who were allowed to access their billing data.

The assessment determined 946 patients who had listed a person in the health system could not confirm was permitted to access billing data. Subsequently, it is likely that details including names, addresses, fees for services, and medical-linked details may have been accessed by unauthorized persons.

No financial data, credit card data or Social Security numbers were exposed and it is believed that the impacted patients are not at financial risk. UNC Health stated it has cleared the field in its EHR, which will block authorized access of the billing details. Notification letters were sent to patients including instructions for resetting access to their billing records for named people.

Policies were also modified to control the number of workers who can update the field and staff who are allowed to access the field were trained again. Supplemental safeguards were likewise used to avoid similar issues later on.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone