Insider Breach at Beaumont Health and Ex-VA Employee Jailed for Leaking Army Major Health Data

Beaumont Health in Southfield, MI, a non-profit 8-hospital health system, learned about the unauthorized access to its patients’ health data by an ex-employee who likely disclosed protected health information (PHI) with another person.

Upon knowledge of the unauthorized access of health documents, the hospital system started an internal investigation. The access logs of the ex-employee were examined and showed the unauthorized access initially took place on February 1, 2017 and went on until October 22, 2019. Then, the healthcare provider learned about the data breach in December 2018.

Beaumont Health mentioned its internal investigation established on December 10, 2019 that the ex-employee had access to the health records of 1,182 patients for 20 months. The data likely acquired and exposed included names, email addresses, addresses, contact phone numbers, Social Security numbers, dates of birth, health insurance details, and reasons for seeking health care.

The person with whom the ex-employee shared the data was associated with a personal injury attorney. A lot of the patients whose data were accessed had gotten treatment for injuries acquired in motor vehicle accidents.

Once unauthorized access was affirmed, Beaumont Health terminated the employee for breaking hospital guidelines and HIPAA Regulations. The data breach report has been sent to authorities and Beaumont Health stated it will help law enforcement in case of pursuing prosecution. The incident was additionally reported to the Michigan Health and Hospital Association.

Beaumont Health sent by mail notification letters to all impacted patients. People who had their Social Security numbers exposed likewise got offers of credit monitoring and identity theft protection services. Individuals were told to be careful about the danger of identity theft and fraud and were instructed to monitor their explanation of benefits statements and accounts diligently and to report in case of misuse of their information.

To avoid the happening of identical breaches, Beaumont Health kept up to date its internal policies and procedures.

Previous VA Employee Got Sentence for Leaking Health Records of Ex-Army Major

Jeffrey Miller, 40, of Huntington, WV, a Department of Veteran Affairs’ Benefits Administration ex-employee, received his sentence for the unauthorized access of the health records of veterans and for exposing the healthcare data of ex- U.S. Army major who campaigned for a position in Congress in West Virginia.

Miller pleaded guilty to obtaining the health information of 6 veterans, among them was the retired Army Major, Richard Ojeda. Photos of the information were obtained and mailed to a friend. The picture of Ojeda’s healthcare records was then handed out to high-ranking Republicans in an effort to manipulate his 2018 election campaign for the 3rd Congressional District in West Virginia.

The federal court announced the sentence on Miller on January 21, 2020 and will be imprisoned for 6 months.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone