Michigan HIPAA business associates alerts 15,000 patients of data breach

Northwood, a Michigan HIPAA business associate, has notified more than 15,000 patients that a hacker had gained access to an employee's email account and potentially viewed their protected health information, according to the HIPAA Journal.

The company learned that an unauthorized third party had gained access to the employee's email account from May 3-6. There is no evidence that the information stored in the email account has been misused.

Upon investigation, Northwood determined that patients' protected health information had been exposed. Information found in the email account included names, addresses, dates of birth, provider names, dates of service, medical record numbers, patient ID numbers, diagnoses and diagnosis codes, medical device descriptions, treatment information, and health plan membership numbers. Northwell also disclosed that a small number of patients' Social Security numbers, driver's license numbers and health insurance provider names were also exposed.

Since the data breach, Northwood disabled the compromised email account. All employees were required to reset their passwords. Northwood also provided additional training to employees to help them identify email threats.

More articles on cybersecurity:
Cancer Treatment Centers of America alerts 3,900 patients of data breach
Texas pathology group alerts 46,500 patients of data breach
Hackers try to reroute payroll deposits at Texas health system

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars