Wyoming Medical Center reports patient record breach

Laura Hancock reports:

Records of nearly 3,200 Wyoming Medical Center patients may have been accessed in February, the hospital reported Thursday.

On Feb. 25, an unidentified third party had access for 15 minutes to two Wyoming Medical Center email accounts containing patient records, the Casper hospital said in a statement.

The records contained patient names, medical record numbers, account numbers, dates of hospital service, birth dates and some medical information, the statement said. Patients’ addresses, Social Security numbers or insurance information were not in the records.

Read more on Casper Star-Tribune.

Update: Here’s the center’s public statement:

Wyoming Medical Center takes the privacy of our patients very seriously and strives to protect the privacy of each patient.  Although there is little risk to patients, Wyoming Medical Center wants to inform the public of a recent incident which allowed unauthorized access to limited protected patient health information (PHI) affecting 3,184 patients.

On Feb. 25, 2016, Wyoming Medical Center discovered that an unauthorized third party had access to two organizational email accounts.  No evidence exists to indicate that PHI was viewed or copied from the compromised email accounts.  Because the unauthorized party only had access to the email accounts for 15 minutes, we believe that no PHI was viewed or acquired.  If the unauthorized party did view patient information, they would have had access to view patient names, medical record numbers, account numbers, dates of hospital service, dates of birth and limited medical information.

Wyoming Medical Center took immediate steps to secure the email accounts.  Although this is a serious breach, the information potentially disclosed did not include patients’ addresses, Social Security Numbers or insurance information.

Because of the limited information contained within the compromised email accounts, there is little to no risk to patients who may have been affected.

In light of this recent event, Wyoming Medical Center is reviewing our internal email safeguards and policies to protect against future incidents.  Wyoming Medical Center has reported this event to the Office for Civil Rights, the government agency that oversees HIPAA privacy compliance (Health Insurance Portability and Accountability Act Privacy Law).

If you were personally affected, and we have your current address, you will be receiving a letter informing you of this breach.  Should you have any questions, please contact Wyoming Medical Center’s Privacy Office at 307-577-2545 or 800-822-7201 extension 2545.

About the author: Dissent