PHI Exposed at MetroHealth, Urgent Team Holdings, and The Guidance Center

MetroHealth Reports Exposure of 1,700 Patients’ PHI

MetroHealth System based in Cleveland, OH, has advised around 1,700 patients regarding the impermissible disclosure of some PHI to other patients as a result of an error that took place during the updating of its electronic health record (EHR) system.

A misconfiguration suggested that if patient records were created for the purpose of sending to patients, information associated with other individuals was unintentionally contained in the records, like patient names, consultation data, and the healthcare providers they consulted. No other financial, personal, or medical data was affected.

The EHR provider discovered the problem and informed MetroHealth concerning the data compromise on February 10, 2022. Notification letters had been mailed to impacted people on April 11.

Urgent Team Holdings Announces Compromise of the PHI of 166,600 Persons

Urgent Team Holdings, which manages over 70 urgent care and walk-in clinics in Arkansas Alabama, Tennessee Georgia, and Mississippi, has just informed 166,601 patients that unauthorized persons possibly acquired some of their protected health information (PHI) in a cyberattack in November 2021.

Urgent Team reported it learned that the breach of its system happened between November 12, 2021 and November 18, 2021. Aided by third-party cybersecurity professionals, Urgent Team learned that the files likely exfiltrated from its systems included the PHI of patients. A detailed assessment of the files was done on January 31, 2022, and confirmed the inclusion of patients’ complete names, medical record numbers, and dates of birth.

Though data theft may have taken place, there is no proof of data exfiltration identified and there was no report gotten regarding any misuse of patient data. To strengthen security, Urgent Team has put in place multi-factor authentication and has put in supplemental layers of protection to its networks to lessen the possibility of unauthorized access. A new antivirus program was additionally used which creates warnings whenever there are attempts of unauthorized access to its systems.

Email Account Breach Reported by The Guidance Center

The Guidance Center, Inc. has lately uncovered that unauthorized people obtained access to a number of staff members’ email accounts for a brief time. As soon as the breach was identified, the email accounts were quickly made secure, and an investigation was started to find out the nature and extent of the breach.

Third-party cybersecurity specialists helped with the investigation to verify the safety of its computer networks and more security options have already been implemented to avert more attacks. An assessment of the affected email accounts showed they comprised patients’ protected health information. The types of breached information differed from person to person and might have involved names combined with at least one of the following data elements: medical treatment or diagnosis data, patient record numbers, and/or health insurance details.

The Guardian Center already sent the breach report to the HHS’ Office for Civil Rights as impacting 23,104 persons. Free identity protection and credit monitoring services were given to a number of people, dependent on the types of details that were compromised.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone