Press Release: UMC Physicians (UMCP) is educating employees on approved cloud storage solutions and notifying patients of an incident that may have compromised the privacy of protected health information held by their clinic: UMC Southwest Gastroenterology. UMCP has no evidence of actual or attempted misuse of personal information at this time. On March 12, 2019, UMCP discovered that two employed providers had each established a Google shared drive to track follow-up tasks related to patient care, such as: lab results, appointments, procedures, and therapies. One employee was forwarding emails to an unsecured Google Gmail account. UMCP immediately retrieved and/or deleted the affected files and simultaneously started an investigation to determine the scope of the information disclosed and to identify the affected patients. Although the two providers intended to ensure good patient care by taking these actions, the security of patients’ protected health information (“PHI”) was compromised by storing it on an unsecured network. The PHI in some files included only a patient name and email address. However, some files contained some or all of the following: name, address, phone number, medical record number, date of birth, date of service, health insurance carrier, diagnosis, and/or procedure. No financial information, such as social security numbers, insurance policy numbers, or credit card information, was involved. All employees are receiving education on approved cloud storage so that an incident like this one does not occur again. UMCP will implement other solutions to prevent the use of unapproved cloud storage solutions. UMC and UMCP understand this incident may create worry and inconvenience for patients, and the health system sincerely apologizes and regrets that this incident has occurred. Patients with questions or concerns can contact our toll free dedicated assistance line at 844.446.6445, Monday-Friday, 8AM – 5PM. Any calls after hours, on the weekend, or on a holiday will be returned the next business day. Source: UMC Physicians
KCBD reports: UMC Physicians (UMCP) is notifying patients who may have been affected by a recent data breach. They are also providing patients, whose information may have been compromised, with information to safeguard against identity theft and fraud and are offering access to one year of credit monitoring and identity restoration services at no cost. According to officials, on May 18, the UMCP IT team discovered an employee’s email account was hacked on March 15, potentially compromising the personal health information of more than 18,000 patients. Read more on KCBD.
Tristan Stewart-Robertson reports that a Drumchapel Social Work staff member’s bag with a laptop and notebook with confidential information about child clients and their families was found in the street by a member of the public on April 22. This includes full names, dates, medical issues and even criminal histories of children and families in the north of the city. The Glasgow City Council opened an investigation. I wonder when the council was notified of the loss – was it notified right away by the employee or did it only find out when the bag was returned to them by the Evening Times?
Taneli Savela reports: Medical records from the University Medical Center Groningen (UMCG) that were supposed to be destroyed, ended up in the spotlight on regional broadcaster RTV Noord. The program shows the workers of the employment company Synergon handling old x-rays carelessly. Synergon has reported the theft to the police. UMCG uses a company named Virol to store or destroy old medical files. Virol outsourced the destruction of old x-rays and medical reports to Synergon. Read more on NL Times.
Seriously, these attachment errors are pretty inexcusable, aren’t they? Brian Eason reports: The University of Mississippi Medical Center mistakenly gave out social security numbers, grade point averages and other personal information for most of its student body this week, violating state and federal privacy laws. UMC’s accounting department on Wednesday attached the private data to a mass email notifying students about changes to the school’s health insurance. The attached spreadsheet contained the names, social security numbers, GPAs, race, gender, birthdays, addresses and phone numbers for 2,281 students who are enrolled in health insurance through the university. Read more on Hattiesburg American.