Pardee UNC Health Care Theft and Addison County Home Health & Hospice Email Breach

Several patients of Pardee UNC Health Care are being notified about the potential exposure of their protected health information (PHI) as a result of a break in at its facility in 2029 Asheville Hwy, Hendersonville, NC. The thieves also stole electronic equipment. The incident was discovered on May 9, 2019.

Pardee believes that electronic PHI was not exposed since there were no hard drives in the computers. However, a pile of 590 Federal Drug Testing Custody Control forms were stored in the basement. The forms contained patient data like names, birth dates, phone numbers, social security numbers, name of employers, driver’s license numbers, and drug screening test results done in October 2003 up to December 2004.

Pardee Officials explained that there’s no evidence that support the certainty of patient information theft. However, there is still the possibility of PHI compromise because the thieves could have very easily seen the stack of files while they were inside the basement.

Pardee UNC already transferred all files to a secure storage. In the past, the company paperwork were put away in several locations but only one secure storage place is being used now.

Pardee UNC Health Care is reviewing its training program for employees as well as its protocol and policies for record retention. These matters will be adjusted as needed to strengthen security. The affected patients, the number of which is still unknown, will receive credit monitoring protection services for one year.

In another breach report, Addison County Home Health & Hospice in Vermont reported an email security breach that caused the potential exposure of PHI of 758 patients. The hospice found out about the breach on April 26, 2019 and had it investigated. It was confirmed by the investigators that the account was first accessed by unauthorized person/s on February 19, 2019.

The analysis of the email account showed that some information were compromised including names, clinical information, and medical record numbers. The Social Security numbers (for a number of patients) were potentially compromised also.

Patients whose Social Security numbers were compromised were offered 12-month membership to credit monitoring and identity protection services without charge. The hospice will additionally increase its technical security measures and provide additional training to employees about the identifying phishing emails.