Data Breaches at North Ottawa Community Health System and Center for Health Care Services

North Ottawa Community Health System (NOCH) found out that one employee at North Ottawa Community Hospital located in Grand Haven, MI, had accessed patients’ medical records without permission in a period of around 3 years.

Another employee told this matter to the health system on October 15. After two days, the alleged inappropriate access was investigated and the employee remained suspended while waiting for the investigation findings.

On November 25, 2019, NOCH confirmed the unauthorized access of the patient records of 4,013 persons by the employee from May 2016 to October 2019. The unauthorized access seemed to have no apparent pattern. Patient records were randomly accessed.

There was no proof that suggests the theft of any patient information. NOCH is convinced that the employee simply accessed patient data because of curiosity.

The employee potentially accessed the following types of information: names, birth dates, Social Security numbers, Medicaid and Medicare numbers, medical insurance details, and certain health data. NOCH offered any patient who had their Social Security number viewed free one-year credit monitoring and identity theft protection services.

All staff members received additional training on NOCH policies addressing medical record access and employee’s access to patient records was made stricter.

NOCH already reported the breach to the Department of Health and Human Services’ Office for Civil Rights. OCR will need to decide whether there would be further action to be taken against the employee because of the HIPAA violation.

Center for Health Care Services’ Computer Systems Shutdown Due to Cyberattack

A cyberattack on the Center for Health Care Services (CHCS) located in San Antonio, TX during the holiday period compelled it to de-activate its computer systems.

CHCS is a healthcare services provider for persons with mental health issues, developmental handicaps, and substance abuse disorder. It manages a number of walk-in clinics and outreach centers within San Antonio area.

The CHCS IT team reported that just one server was affected after federal officials notified them regarding the cyberattack. As a precaution, CHCS decided to shut down its computer system. The IT department already began fixing its computer systems and will be accessible again one by one, beginning with the computer systems of its biggest clinics. The repair work might take a number of days.

This cyberattack is a part of a bigger attack that began before the holidays. It is not known at this time how many organizations were impacted.