Lycoming-Clinton Joinder Board (LCJB) is managing programs that provide services to persons with mental health issues or intellectual disabilities in the area of Lycoming and Clinton Counties, Pennsylvania. It encountered a breach and is now notifying 14,500 individuals concerning the potential compromise of their protected health information (PHI).
On August 10, 2020, while looking into a prior data breach, LCJB learned that an unauthorized individual viewed the email accounts of three personnel. A review of the email accounts affirmed they stored patient data, nevertheless, it can’t be determined if the unauthorized persons accessed or obtained any details in the email accounts.
Details in the accounts varied from patient to patient and could have contained names, dates of birth, addresses, health insurance numbers, medical record numbers, medical records (such as substance abuse, diagnoses, lab tests and results, mental or physical health reviews, and treatment or provider data), care fees, or circumstances of abuse. The Social Security numbers of some individuals were also exposed.
The investigation established that the unauthorized person irregularly accessed the three accounts from August 5, 2020 to August 10, 2020. The prior breach, which was uncovered on June 23, 2020, was an email security incident as well, that impacted two employee email accounts. An unauthorized individual viewed those accounts between June 19, 2020 and June 23, 2020 and compromised the data of 3,905 patients. Though the two incidents had commonalities, it was impossible to conclude that one person was liable.
Due to the incidents, LCJB has undertaken a few steps to strengthen email security, which include increasing password difficulty, using 2-factor authentication for remote access, confining systems access to end-users within the USA, and improving upon its cybersecurity training course for employees. Guidelines and procedures were likewise formulated and enforced that necessitate personal details to be safely deleted routinely from the email system and the network.
Coast Dental Informed 1,700 Patients About Potential PHI Theft
Coast Dental based in Tampa, Florida began notifying 1,700 patients about the potential theft of missing records that contain their PHI.
On the evening of 6/7 August 2020, someone stole a moving truck, which contains equipment and patient data, from a parking space in Atlanta, GA. After reporting the theft to law enforcement, the police were able to recover the stolen truck. The impounded truck was secured to ensure the contents are safe until the police department releases the truck. From August 26 to 28, 2020, an inventory of the truck was performed and the listing of items in the truck showed there were some patient records missing.
On October 13, 2020, Coast Dental sent notification letters to all patients who had their records potentially stolen. As a safety precaution, patients who had their Social Security numbers potentially exposed were provided free credit monitoring services.
Due to the incident, Coast Dental provided re-training of its employees and has polished procedures to implement better security of patient information.