San Antonio-based Center for Health Care Services, a mental health and substance abuse provider, began notifying 28,434 patients after it learned one of its former employees secretly took patients' protected health information from the facility on his personal laptop computer, the hospital confirmed to Becker's Hospital Review.
CHCS discovered the breach Nov. 7 as a result of documents produced during litigation with the employee, who was terminated May 2016.
The information — which includes names, addresses, dates of birth, Social Security numbers, medical records numbers, dates of services, referral information, progress notes, types of services, diagnoses, medications, lab and toxicology reports, autopsy reports, death certificates, treatment plans, discharge and death summaries and collateral hospital information — is believed to exist in the files of the former employee and his attorneys, as well as the attorneys for CHCS. The hospital does not believe the information has been distributed outside this group. CHCS' attorneys are seeking a protective order to prevent further disclosure of the information, as well as verify its deletion as soon as the court permits.
Hospital officials said there are currently no steps affected individuals need to take to protect themselves from potential harm resulting from the breach, but they will notify them should circumstance change.
More articles on cybersecurity:
Henry Ford Health System notifies 18k patients of data breach involving compromised email
Researchers warn hacked IV pumps could lead to data breaches
AHA rolls out webinar series addressing cybersecurity