UMC Physicians and MSK Group Sent PHI Breach Notice to Patients

Hackers attacked the email account of doctors at UMC Physicians in Texas, which resulted in the likely compromise of certain protected health information (PHI) of roughly 18,000 patients. The IT staff of UMC Physicians discovered the breach on May 18, 2015, although the hacking occurred on March 15. Consequently, the hacker had access to the data saved in the email account for two months.

The investigators of the data breach did not find any indication of improper use of the patients’ PHI. Nevertheless, there is no 100% assurance that the PHI of patients was not exposed. UMC Physicians has already informed the patients about the breach of some of their sensitive information. The patients were also given one year of free credit monitoring and identity theft protection services.

The following information could have been viewed by the hacker: the patients’ names, phone numbers, addresses, birth dates, health record numbers, Social Security numbers, service dates, diagnoses and medical insurance information. To prevent another breach of patients’ PHI, UMC Physicians improved the hospital’s security settings.

A hacker gained access to MSK Group’s network systems and accessed them periodically for a few months. MSK Group is an integrated orthopaedic practice located in Tennessee, and its IT staff only identified the breach on May 7, 2018. A third-party forensics company was appointed to investigate. According to the investigation, there was no indication that the hacker stole any data. However, the security firm confirmed that the hacker viewed some parts of the network that stored patients’ health information.

The information that was likely compromised comprises the patients’ names, phone numbers, fax numbers, addresses, email addresses, dates of birth, driver’s license numbers, diagnostic pictures, photos, Social Security numbers and medical record data.

MSK Group mailed a breach notice to all impacted patients on July 9 and gave them 12 months of free credit monitoring and identity theft protection services. MSK Group did not disclose the number of patients impacted by the breach. Security experts are still making the necessary improvements to its network security controls.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches.