CCRM Dallas-Fort Worth Notifies Patients of Data Security Incident


CCRM Dallas-Fort Worth has become aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information. Although at this time there is no indication that an unauthorized party actually accessed or viewed patient information or evidence of patient information being misused, we have taken steps to notify anyone who may have been affected by this incident.


On October 4, 2018, we discovered that a former nurse’s email account had been accessed by an unknown, unauthorized third party. Upon learning that some patients had received spam email messages from the nurse’s account, the practice immediately contacted its IT vendor to deactivate the account and determine what information may have been impacted. The investigation determined that an intruder could have viewed or accessed patients’ names, addresses, email addresses, health information, insurance information and medical history within the account, and for a limited number of patients, Social Security numbers and driver’s license numbers.


Although there is no evidence that an unauthorized third party actually viewed or accessed patient health information and we are not aware of anyone’s information being misused, we take your privacy and security very seriously and have taken steps to prevent a similar event from occurring in the future. Notification letters mailed on December 3, 2018 include additional information about what happened and a toll-free number where patients can learn more about the incident. The call center is available Monday through Friday between 10 AM to 10 PM Central at 1-800-939-4170.


The privacy and security of patient information is a top priority for CCRM, which deeply regrets any inconvenience or concern this incident may cause.

Source:  CCRM.    According to HHS’s public breach tool, 1,117 patients were notified of this incident.  Again, why is so much ePHI in an employee’s email account? Was it really all needed for that week or was some of it already addressed and maybe should have been transferred to secure storage or other files? 

Great thanks to “Russy,” who found this one when I couldn’t find it.

About the author: Dissent