PHI Exposed in Data Breaches at Clinivate, Kaiser Permanente, and McLaren Port Huron Hospital

Clinivate Reports Compromise of 77,652 Records

Concerning the data breach report submitted to the HHS’ Office for Civil Rights on June 2, 2022, there is an update by Clinivate based in Pasadena, CA, an EHR solutions provider for behavioral health centers and schools.

Based on a breach notification sent to the California Attorney General, odd activity was discovered in its digital system on March 23, 2022. A forensic investigation affirmed the unauthorized access by a third party to its network. On May 25, 2022, it was confirmed that the files accessed by that third party between March 12, 2022 and March 21, 2022 contained the protected health information (PHI) of individuals.

The files held the protected health information of 77,652 people, such as names, health plan beneficiary numbers, medical record numbers, treatment data, diagnosis details, other medical data, and information regarding payments for health services.

Clinivate has informed affected persons and mentioned it has executed additional safety measures to avoid further data breaches.

McLaren Port Huron Hospital Announces Compromise of PHI of 49,000 Individuals in MCG Health Cyberattack

McLaren Port Huron Hospital has stated the PHI of a number of patients was exposed in a cyberattack at a former business associate, MCG Health. MCG Health offers patient care guidelines to numerous health plans and about 2,600 hospitals in the U.S.A. On March 25, 2022, MCG Health found out an unauthorized third party got data from its system that contained data elements like names, medical codes,
Social Security numbers, postal addresses, phone numbers, email addresses, birth dates, and gender. A lot of MCG Health clients were impacted by the breach.

McLaren Port Huron Hospital stated it was advised concerning the breach on June 9, 2022. The delayed notification meant it has not done its own investigation to know the possibility of an actual exposure of patient information. But it has sent notifications to all affected people to advise them of the probability that their PHI was stolen. McLaren Port Huron Hospital discontinued using MCG Health in 2019.

The data breach report has been sent to the HHS’ Office for Civil Rights as affecting 48,957 McLaren Port Huron Hospital patients. Affected persons were provided complimentary identity theft protection and credit monitoring services for 24 months.

Kaiser Permanente Reports Stealing of iPad With PHI

Kaiser Permanente has started sending notifications to certain people about the theft of an iPad that held their protected health information. The iPad was stored in a locked storage area at the Kaiser Permanente Los Angeles Medical Center. An unidentified individual broke into the storage space and stole the iPad, and additionally obtained the password for accessing the gadget.

The device was utilized at a Kaiser Permanente COVID-19 testing area and had pictures of COVID-19 specimen labels and PHI i.e. names, health record numbers, dates of birth, and the dates and locations of service. The theft was identified on the same day and Kaiser Permanente remotely erased the data on the unit, including all photos.

Kaiser Permanente mentioned it has transferred devices comprising PHI to a safer place and has strengthened its internal practices and methods. Kaiser Permanente stated the iPad included the PHI of around 75,000 health plan members.

 

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.