Data Breaches at Piedmont Cancer Institute, McLaren Oakland Hospital and The Health and Wellness Clinic

Piedmont Cancer Institute (PCI), located in Atlanta, GA, is notifying 5,226 patients that some of their protected health information (PHI) may have been compromised after an unauthorized person gained access to one employee's email account.

With the help of an independent cybersecurity company, PCI confirmed that the email account had been accessed for over a month. The unauthorized individual first gained access to the account on April 5, 2020, and PCI secured it on May 8, 2020.

The audit of the compromised account concluded on August 8, 2020, and showed that the account contained protected health information. In addition to names, affected patients had one or more of the following data elements exposed: birth date, credit/debit card number, financial account data, and/or medical details such as diagnosis and treatment details.

To prevent further breaches, PCI has implemented multi-factor authentication on its email accounts and provided additional email security training to its employees.

McLaren Oakland Hospital Identified Potential Data Breach

McLaren Oakland Hospital, based in Pontiac, MI, has discovered that the PHI of 2,219 patients was compromised and may have been accessed by unauthorized individuals.

On July 10, 2020, McLaren Oakland learned that a file on a desktop computer contained an unauthorized and unsecured URL to a file containing the protected health information of current and former patients.

No evidence was found that any of the sensitive information in the file was accessed without authorization, and no reports have been received suggesting that patient information was misused. As a precaution, McLaren Oakland Hospital advised the affected individuals to monitor their account statements and credit reports for any sign of misuse of their PHI. The hospital also offered affected patients complimentary membership to identity theft protection and monitoring services.

The hyperlink was disabled when the PHI exposure was discovered. Investigators determined that an employee had accidentally made the hyperlink insecure. McLaren Oakland has reviewed its policies and procedures and given staff further training on patient privacy and data security.

Patient Records Stolen from Health and Wellness Clinic in Edmonds, WA

The Health and Wellness Clinic is a natural medicine and physical care solutions provider based in Edmonds, WA. Thieves broke into its facility and stole patient records.

Over the weekend of August 29 to 30, a burglar forced open a locked storage space off the clinic's massage suite. The room appeared to have been rummaged through, documents had been removed from a number of files, and a box of paper files was missing. The stolen documents contained data such as names, Social Security numbers, birth dates, health histories, and treatment data.

The Health and Wellness Clinic reported the theft to the police, who investigated, identified a suspect, and recovered the stolen box of paper records. It is currently unclear how many paper records were taken from the clinic.