Skip to content Skip to navigation

Recent Healthcare Data Breaches Due to Stolen Laptops, Unauthorized Employee Access

February 11, 2016
by Heather Landi
| Reprints
Click To View Gallery

There were a number of reported healthcare data breaches this week, including Miami-based Jackson Health System reporting that a “rogue” hospital employee may have stolen confidential patient information affecting more than 20,000 patients.

Also this week, the Washington State Health Care Authority (HCA) reported that an employee improperly handled the personal identification and private health information of 91,000 Medicaid patient files. And, auditing company Seim Johnson also reported a potential healthcare data breach that could affect more than 30,000 people.

Jackson Health System

In a press release posted to its website Tuesday, Jackson Health System that it has launched a full investigation and is cooperating with law enforcement agencies after it discovered a “rogue” hospital employee may have stolen confidential patient information, including names, birthdates, social security numbers and home addresses over the last five years.

The health system then posted an update Wednesday reporting that the employee in question, Evelina Reid, a hospital unit secretary, had her employment terminated. The health system said it is continuing to cooperate with law enforcement agencies on this investigation.

According to a Miami Herald article, hospital officials told the newspaper that the employee may have inappropriately accessed around 24,000 patient records.

Washington State HCA

The Washington State HCA reported that an employee error resulted in a healthcare data breach compromising 91,000 Medicaid patient files. The agency said in a statement posted to its website Tuesday that it had sent notification letters to 91,000 Apple Health clients of the data breach and the information affected includes clients’ social security numbers, dates of birth, Apple Health client ID numbers and private health information.

According to the statement, two state employees in two state agencies exchanged Apple Health client files in violation of requirements under the federal Health Insurance Portability and Accountability Act (HIPAA). Both employees assert that the exchange of information occurred because the HCA employee needed technical assistance with spreadsheets that contained the data and that the information was not used for any additional unauthorized purposes or forwarded to any other unauthorized recipients. The breach was discovered in the course of a whistleblower investigation into misuse of state resources.

Both individuals’ employment has been terminated, and the Washington State HCA said it is notifying the appropriate federal officials for further investigation and potential criminal review.

“While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” HCA Risk Manager Steve Dotson said in a statement.

Seim Johnson

Omaha, Neb.-based Seim Johnson, an accounting and consulting services company, reported to the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) a data breach affecting 30,972 individuals due to a stolen laptop. Information about the breach was posted on the OCR online data breach reporting tool.

According to a article, Community Hospital in Nebraska may have bee one of the affected facilities as it had received a notification letter from Seim Johnson regarding a stolen laptop that may have contained patient's personal information. The article states that the hospital was notified that an employee laptop was stolen in Nashville in December 2015 and potentially exposed information likely includes patient names, a personal identifier such as a patient account number and medical record number.



Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.

McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.