PHI Exposed in Data Breaches at Clinivate, McLaren Port Huron Hospital, and Kaiser Permanente

Californian EHR Vendor Announces Exposure of 77,652 Records

Regarding the data breach report submitted to the HHS’ Office for Civil Rights on June 2, 2022, there is an update by Clinivate based in Pasadena, CA, an EHR solutions provider for behavioral health companies and schools.

As per a breach notice submitted to the California Attorney General, strange activity was identified in its digital account on March 23, 2022. A forensic investigation established unauthorized access by a third party to its network. On May 25, 2022, it was found out that the files accessed by that third party from March 12, 2022 to March 21, 2022 contained the protected health information (PHI) of persons.

The files held the PHI of 77,652 persons, which include names, health plan beneficiary numbers, medical record numbers, treatment details, diagnosis details, other medical data, and data regarding payments for health care services.

Clinivate has informed impacted people and stated it has put in place extra security procedures to avert more data breaches.

McLaren Port Huron Hospital Reports Breach of PHI of 49,000 People in MCG Health Cyberattack

McLaren Port Huron Hospital has reported the protected health information of some patients was breached in a cyberattack at a prior business associate, MCG Health. MCG Health gives patient care guidelines to a lot of health plans and more or less 2,600 hospitals in America. On March 25, 2022, MCG Health uncovered that an unauthorized third party acquired information from its system that contained data elements, for instance, names, medical codes, Social Security numbers, postal addresses, telephone numbers, email addresses, birth dates, and sexuality. Numerous MCG Health clients were affected by the attack.

McLaren Port Huron Hospital mentioned it was advised concerning the breach on June 9, 2022. The late information meant it hasn’t performed its own investigation to find out the likelihood of an actual breach of patient data. However, it has sent notices to all impacted persons to tell them of the likelihood that their PHI was stolen. McLaren Port Huron Hospital halted utilizing MCG Health in 2019.

The data breach report is sent to the HHS’ Office for Civil Rights as impacting 48,957 McLaren Port Huron Hospital patients. Impacted people were given free identity theft protection and credit checking services for two years.

Kaiser Permanente Announces Theft of iPad That Contains PHI

Kaiser Permanente has begun informing a number of persons regarding the theft of an iPad that held their PHI. The iPad was kept in a secured storage space at the Kaiser Permanente Los Angeles Medical Center. An anonymous person broke into the storage room and took the iPad, and likewise acquired the password for opening the gadget.

The device was employed at a Kaiser Permanente COVID-19 testing center and contained pictures of COVID-19 specimen labels and PHI including names, health record numbers, dates of birth, and the dates and areas of service. The theft was found out on the same day and Kaiser Permanente remotely removed the information on the unit, which include all photos.

Kaiser Permanente stated it has transported devices that contain PHI to a safer area and has toughened its internal practices and processes. Kaiser Permanente mentioned the iPad held the PHI of roughly 75,000 health plan members.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at