Recent Healthcare Data Breaches Due to Stolen Laptops, Unauthorized Employee Access | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Recent Healthcare Data Breaches Due to Stolen Laptops, Unauthorized Employee Access

February 11, 2016
by Heather Landi
| Reprints
Click To View Gallery

There were a number of reported healthcare data breaches this week, including Miami-based Jackson Health System reporting that a “rogue” hospital employee may have stolen confidential patient information affecting more than 20,000 patients.

Also this week, the Washington State Health Care Authority (HCA) reported that an employee improperly handled the personal identification and private health information of 91,000 Medicaid patient files. And, auditing company Seim Johnson also reported a potential healthcare data breach that could affect more than 30,000 people.

Jackson Health System

In a press release posted to its website Tuesday, Jackson Health System that it has launched a full investigation and is cooperating with law enforcement agencies after it discovered a “rogue” hospital employee may have stolen confidential patient information, including names, birthdates, social security numbers and home addresses over the last five years.

The health system then posted an update Wednesday reporting that the employee in question, Evelina Reid, a hospital unit secretary, had her employment terminated. The health system said it is continuing to cooperate with law enforcement agencies on this investigation.

According to a Miami Herald article, hospital officials told the newspaper that the employee may have inappropriately accessed around 24,000 patient records.

Washington State HCA

The Washington State HCA reported that an employee error resulted in a healthcare data breach compromising 91,000 Medicaid patient files. The agency said in a statement posted to its website Tuesday that it had sent notification letters to 91,000 Apple Health clients of the data breach and the information affected includes clients’ social security numbers, dates of birth, Apple Health client ID numbers and private health information.

According to the statement, two state employees in two state agencies exchanged Apple Health client files in violation of requirements under the federal Health Insurance Portability and Accountability Act (HIPAA). Both employees assert that the exchange of information occurred because the HCA employee needed technical assistance with spreadsheets that contained the data and that the information was not used for any additional unauthorized purposes or forwarded to any other unauthorized recipients. The breach was discovered in the course of a whistleblower investigation into misuse of state resources.

Both individuals’ employment has been terminated, and the Washington State HCA said it is notifying the appropriate federal officials for further investigation and potential criminal review.

“While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” HCA Risk Manager Steve Dotson said in a statement.

Seim Johnson

Omaha, Neb.-based Seim Johnson, an accounting and consulting services company, reported to the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) a data breach affecting 30,972 individuals due to a stolen laptop. Information about the breach was posted on the OCR online data breach reporting tool.

According to a HealthITSecurity.com article, Community Hospital in Nebraska may have bee one of the affected facilities as it had received a notification letter from Seim Johnson regarding a stolen laptop that may have contained patient's personal information. The article states that the hospital was notified that an employee laptop was stolen in Nashville in December 2015 and potentially exposed information likely includes patient names, a personal identifier such as a patient account number and medical record number.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Study will Leverage Connecticut HIE to Help Prevent Suicides

A new study will aim to leverage CTHealthLink, a physician-led health information exchange (HIE) in Connecticut, to help identify the factors leading to suicide and to ultimately help prevent those deaths.

Duke Health First to Achieve HIMSS Stage 7 Rating in Analytics

North Carolina-based Duke Health has become the first U.S. healthcare institution to be awarded the highest honor for analytic capabilities by HIMSS Analytics.

NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.