PHI Exposed Due to Ambry Genetics and Arizona Endocrinology Center Breaches

Ambry Genetics, a genetic testing lab located in Aliso Viejo, CA, is informing 232,772 persons about the compromise of their protected health information (PHI) because of a email security breach. With roughly 233,000 records, this healthcare data breach is the number two biggest ever reported in 2020.

Ambry Genetics found an unauthorized person accessed the email account of a worker from January 22 to January 24, 2020 and probably viewed and downloaded the PHI of its patients. The security group and third-party computer forensics professionals could not verify the viewing or stealing of any details in the breached email accounts, nevertheless, no report was obtained that indicate the improper use of any private data.

An analysis of the compromised email accounts showed that they consist of data like names, medical details, and other data correlated to the services offered by Ambry Genetics. The Social Security numbers of some persons were also compromised.

Ambry Genetics has undertaken steps to strengthen security and gave workers even more training regarding email security.

Ex- Arizona Endocrinology Center Doctor Discloses PHI of 74,000 Patients to New Company

Arizona Endocrinology Center is informing 74,122 patients concerning the impermissible disclosure of their PHI to a medical group by a doctor who left the Arizona Endocrinology.

before Dr. Dwivedi quit Arizona Endocrinology Center, he duplicated patient information and shared the data to More MD, his new company. The doctor copied from the EHR the following data: patient names, addresses, phone numbers, healthcare record numbers, and the primary physician of patients. Dr. Dwivedi didn’t get any Social Security number, medical insurance data, or financial facts.

Arizona Endocrinology Center discovered the breach on February 17, 2020 when patients reported that they got sms from More MD informing them that Dr. Dwivedi is now with the medical group. More MD furthermore promoted its services in the sms. The breach investigation showed the information was copied on January 12, 2020.

Arizona Endocrinology Center advised its patients that it doesn’t have any business connection with More MD and that Dr. Dwivedi isn’t working with Arizona Endocrinology Center anymore. Hence, it was hard to acquire guarantees that patient files were already erased and isn’t going to be used. The practice stated on its webpage that their patients and their families can freely get in touch with Dr. Dwivedi and More MD to question them concerning their personal data.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at