Data Security Incident at Lawrence General Hospital, Mary Rutan Hospital and Tri-State Specialists

Lawrence General Hospital in Massachusetts reported a data security incident where unauthorized people likely gained access to some patient information. A security breach was discovered on September 19, 2020 which disturbed its IT systems. The investigation showed that an unauthorized individual got access to its systems from September 9, 2020 to September 19 when the network was protected.

The compromised systems kept patient names, insurance type, internal visit ID numbers, internal patient ID and, some clinical data for very few patients, . The Social Security numbers belonging to 5 patients were likewise probably compromised.

On November 5, 2020, Lawrence General Hospital already sent notifications to affected persons. Lawrence General Hospital additionally said it is enhancing its security systems as prompted by the breach.

Limited Patients’ PHI Exposed at Mary Rutan Hospital Patients Due to Spreadsheet Error

Mary Rutan Hospital located in Bellefontaine, OH uncovered the exposure of a limited amount of patient data as a result of a spreadsheet error. The hospital’s website displayed a link that provided data on Diagnosis Related Groups (DRG) or a patient categorization system that systematizes potential payment to hospitals. Such payments consist of charges connected with inpatient hospital stays.

The website link directed people to a spreadsheet that has several tabs showing limited patient data. Two tabs comprised patient names, birth dates, patient account numbers, dates of service, the purpose for visitation, DRG codes, visit expenses, insurance payment sums, adjusted amounts, and due balances for 1,677 patients. There are no high-risk data contained on the spreadsheet.

There is no information that indicates unauthorized individuals viewed the information. The website link was made inactive on the same day it was identified.

Tri-State Specialists Informs 17,500 Patients Regarding Email Error

Tri-State Specialists, a community of orthopedic surgery clinics located in Iowa, Nebraska, and South Dakota, is informing 17,050 patients regarding an incident that impermissibly disclosed their names and email addresses to a few existing and past patients.

Tri-State Specialists discovered on September 16, 2020 that an employee sent an email with a file attachment that contained patients’ names and email addresses. The file did not have any other patient information. Patients were instructed to watch out for spam emails that might result from the exposure of their email addresses.

Because of the breach incident, Tri-State Specialists have modified policies and procedures associated with the delivery of emails to avoid the same breaches later on. The employees also received re-eduction emphasizing the importance of data privacy.