Utah Ransomware Attack, Alive Hospice Mailing Error and Community Psychiatric Clinic Breaches Compromised Patient Data

Premier Family Medicine, a physician group located in Utah, notified 320,000 patients of the potential exposure of their protected health information (PHI) caused by a ransomware attack that affected ten facilities in Utah County.

The ransomware attack occurred on July 8, 2019 and prevented Premier Family Medicine’s staff from accessing patient files and certain systems. A breach notice posted on its website on August 30, 2019 explained that law enforcement had been notified of the incident and that technical consultants were looking into the breach to reestablish access to patient files and systems. It is not known whether the attacker’s ransom demand was paid.

Although the investigation found no proof that patient data was accessed or stolen, Premier Family Medicine chief officer Robert Edwards reported that action had been taken to further boost system security.

Alive Hospice Breach Notification Letters Expose Further Patient Information

Tennessee-based Alive Hospice experienced a data breach at the beginning of this year. Breach notification letters were sent to affected patients on July 3, 2019; however, a mail merge error resulted in letters being delivered to the wrong recipients.

The notification letters contained only the name of the intended recipient, so a person who received a misdirected letter would learn the name of the Alive Hospice patient it was meant for. No other patient information was compromised.

Alive Hospice informed all impacted persons by mail and took steps to prevent the same mailing errors in the future. The number of patients impacted is still uncertain at the moment.

Three Breaches at Community Psychiatric Clinic

Three email security breaches at Community Psychiatric Clinic, located in Seattle, WA, impacted 15,537 patients. Despite these incidents, Sound, a mental health and addiction treatment service provider in Washington, has just merged with Community Psychiatric Clinic; the merger will take effect in fall 2019.

Information about the breaches is limited. Community Psychiatric Clinic has issued no press release about the breaches, and Sound has not mentioned them. The Department of Health and Human Services’ Office for Civil Rights breach portal listed the three breaches separately on August 15, 2019, as impacting 3,030, 6,641, and 5,866 people.