Recent Healthcare Data Breaches Due to Stolen Laptops, Unauthorized Employee Access | Healthcare Informatics Magazine

Recent Healthcare Data Breaches Due to Stolen Laptops, Unauthorized Employee Access

February 11, 2016
by Heather Landi

There were a number of reported healthcare data breaches this week, including Miami-based Jackson Health System reporting that a “rogue” hospital employee may have stolen confidential patient information affecting more than 20,000 patients.

Also this week, the Washington State Health Care Authority (HCA) reported that an employee improperly handled the personal identification and private health information in 91,000 Medicaid patient files. Auditing company Seim Johnson also reported a potential healthcare data breach that could affect more than 30,000 people.

Jackson Health System

In a press release posted to its website Tuesday, Jackson Health System said that it has launched a full investigation and is cooperating with law enforcement agencies after it discovered a “rogue” hospital employee may have stolen confidential patient information, including names, birthdates, social security numbers and home addresses, over the last five years.

The health system then posted an update Wednesday reporting that the employee in question, Evelina Reid, a hospital unit secretary, had her employment terminated. The health system said it is continuing to cooperate with law enforcement agencies on this investigation.

According to a Miami Herald article, hospital officials told the newspaper that the employee may have inappropriately accessed around 24,000 patient records.

Washington State HCA

The Washington State HCA reported that an employee error resulted in a healthcare data breach compromising 91,000 Medicaid patient files. The agency said in a statement posted to its website Tuesday that it had sent letters notifying 91,000 Apple Health clients of the data breach, and that the information affected includes clients’ social security numbers, dates of birth, Apple Health client ID numbers and private health information.

According to the statement, two state employees in two state agencies exchanged Apple Health client files in violation of requirements under the federal Health Insurance Portability and Accountability Act (HIPAA). Both employees assert that the exchange of information occurred because the HCA employee needed technical assistance with spreadsheets that contained the data and that the information was not used for any additional unauthorized purposes or forwarded to any other unauthorized recipients. The breach was discovered in the course of a whistleblower investigation into misuse of state resources.

Both individuals’ employment has been terminated, and the Washington State HCA said it is notifying the appropriate federal officials for further investigation and potential criminal review.

“While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” HCA Risk Manager Steve Dotson said in a statement.

Seim Johnson

Omaha, Neb.-based Seim Johnson, an accounting and consulting services company, reported to the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) a data breach affecting 30,972 individuals due to a stolen laptop. Information about the breach was posted on the OCR online data breach reporting tool.

According to a HealthITSecurity.com article, Community Hospital in Nebraska may have been one of the affected facilities, as it had received a notification letter from Seim Johnson regarding a stolen laptop that may have contained patients' personal information. The article states that the hospital was notified that an employee laptop was stolen in Nashville in December 2015 and that the potentially exposed information likely includes patient names and a personal identifier such as a patient account number and medical record number.
