PHI Exposed Due to Pardee UNC Health Care Break In and Addison County Home Health & Hospice Email Breach

Pardee UNC Health Care is informing a number of patients concerning the potential compromise of some of their protected health information (PHI) when thieves broke into the basement of a building in its facility and stole electronic equipment. The break-in at the 2029 Asheville Hwy, Hendersonville, NC facility was discovered on May 9, 2019.

It is believed that there was no exposure of electronic PHI because the computers did not come with hard drives. However, there was a stack of 590 Federal Drug Testing Custody Control forms found in the basement. The forms contained information such as names, telephone numbers, birth dates, employers’ name, driver’s license numbers, social security numbers, and drug screening test results conducted from October 2003 to December 2004.

Pardee Officials stated that no evidence was found to indicate the viewing or theft of patient information. But the possibility of PHI compromise cannot be ruled out because the stack of files were in a place that the theives can completely see as they came inside the basement.

Pardee UNC has already moved all files from the basement into a secure storage area. Previously, the company paperwork were stored in a number of locations but now they’re all in one secure storage area.

Pardee UNC Health Care is reviewing the current employee training program and the record retention protocols and policies. These will be revised as needed for reinforcement. Affected patients will be provided with one year credit monitoring protection services. The number of affected patients is still unclear.

In another report, an email security breach at Addison County Home Health & Hospice in Vermont resulted to the potential PHI exposure of 758 patients. On April 26, 2019, the center discovered the breach and had it investigated. The investigators confirmed that unauthorized access of the account first happened on February 19, 2019.

The email account analysis revealed that information such as names, clinical data, and medical record numbers were compromised. The Social Security numbers (for some patients) may have been compromised as well.

Patients who had their Social Security numbers exposed received offers of 12-month membership to credit monitoring and identity protection services for free. The hospice will further boost its technical security controls and give further training to employees concerning phishing emails identification.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone