Des Moines, Iowa-based Primary Health Care is notifying an undisclosed number of patients that four of its employees' email and Google Drive accounts had been accessed by an unauthorized individual Feb. 28.
However, PHC has no evidence of actual or attempted misuse of the patient information. It is notifying affected individuals as a precaution, and is reporting the incident to HHS' Office for Civil Rights.
One of the potentially compromised email accounts or Google Drives contained a combination of patients' names, phone numbers, Social Security numbers, driver's license numbers, financial account numbers, credit or debit card numbers, date of services, diagnosis and treatment information, medical history, facility and provider visited, health insurance information and, if applicable, Medicaid identification numbers.
"PHC has stringent security measures in place to protect the security of information in its possession. In addition, as part of our ongoing commitment to the security of protected health information in its care, PHC is working to implement additional safeguards and security measures to enhance the privacy and security of information on its systems," a PHC statement reads.
The organization will offer affected individuals 12 months of identify protection services at no cost, and it established a dedication assistance line to address any patient concerns.
More articles on cybersecurity:
Finger Lakes Health reports ransomware attack, unable to access computers
Banner Health under investigation for 2016 cyberattack
4 ways technology makes HIPAA easier to follow