NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Attrition Dataloss> current

[Dataloss] Large Hospital Breach Caused by Inside Inappropriate Access

From: Erica Absetz (ericariskbasedsecurity.com)
Date: Mon Jun 03 2013 - 12:17:16 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-46224-1.html

Bon Secours Mary Immaculate Hospital in Suffolk, Va., is notifying
about 5,000 patients after discovering a significant amount of
inappropriate access to patients’ electronic health records from two
employees inside the facility.

“During an April 2013 audit of a patient’s medical record, the health
system identified suspicious access that prompted an investigation,”
according to a notice the hospital issued. “The investigation revealed
that two members of the patient care team accessed patients’ medical
records in a manner that was inconsistent with their job functions and
hospital procedures, and inconsistent with the training they received
regarding appropriate access of patient medical records.”

The local newspaper Daily Press reports the employees were two
certified nurse assistants who have been terminated, and that the
breaches occurred between April 2012 and April 2013. The hospital
started using the EHR in April 2012 and the breach was the first
instance of a reportable security issue, a hospital official told the
newspaper.

Local and federal law enforcement agencies are investigating the
breach to determine if patient information was used illegally.
Compromised information includes patient names, dates and times of
service, provider and facility names, internal hospital medical
records and account numbers that may have included Social Security
numbers, dates of birth and treatment information.

The hospital is offering paid identity theft protection services to
affected patients.
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]