PHI Exposed Due to Geisinger Wyoming Valley Medical Center and District Medical Group Data Breaches

District Medical Group (DMG) in Arizona, which is an integrated medical group, has commenced informing 10,190 patients about the potential compromise of some of their protected health information (PHI). On March 11, 2020, DMG learned that an unauthorized man or woman had acquired access to the email accounts of a number of its employees after responding to phishing email messages.

DMG quickly carried out a password reset to stop the unauthorized person from accessing the accounts. A prominent cybersecurity agency was hired to check out the breach. The investigation confirmed the compromise of several email accounts between February 4, 2020 and February 10, 2020.

An evaluation of messages and file attachments in the breached email accounts confirmed they comprised patient details for instance names, medical information, medical record numbers, and health insurance data. The Social Security numbers of a limited number of patients were also potentially exposed. There is no evidence uncovered that implied the attackers accessed or copied the emails.

DMG advised the affected patients to be alert and keep an eye on their accounts and statements for any hint of fraudulent activity. As a safety precaution, the medical group offered complimentary credit monitoring and identity theft protection services to individuals who had their Social Security numbers listed in the accounts.

DMG has improved employee education and has taken action to boost email security to stop more breaches from now on.

HIPAA Newshipaanews

An Employee of Geisinger Wyoming Valley Medical Center Fired for Unauthorized Health Record Access

Geisinger Wyoming Valley Medical Center (GWVMC) in Wilkes-Barre, PA found out that an employee has long been accessing patient medical records with no valid work reason.

GWVMC was notified to the probable HIPAA breach on March 20, 2020 and initiated an internal inspection. The personnel was allowed to use patient data to accomplish everyday work tasks, nevertheless it was learned that the employee viewed the medical records of 805 patients beyond those work tasks. The unauthorized access commenced in July 2017 and kept on up to March 2020.

The investigation didn’t show any proof that imply the access of health data with malicious motive. As a safety precaution, GWVMC offered complimentary credit monitoring and identity theft protection services to the affected patients.

The employee viewed the following types of information: names, phone numbers, addresses, email addresses, dates of birth, Social Security numbers, medical disorders, diagnoses, prescribed medicines, visit notes, dates of service, test results, and appointment details.

GWVMC took suitable disciplinary measures against the worker for breaking HIPAA regulations and hospital policies. The staff is no longer working at GWVMC.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone