Polk County (Iowa) Health Services accidentally and unknowingly disseminated the protected health information of some patients who received care at the Crisis Observation Center in Des Moines, Iowa from June 2014 to January 2018.
The Crisis Observation Center provides mental health services to Polk County residents, and serves as the regional administrator and governing board for mental health and disability services under the Polk County Regional Mental Health and Disability Services Management Plan.
The organization became aware of the breach in February, and it launched an investigation into the incident. The information it unknowingly disclosed includes patients' full names, home
addresses, Social Security numbers, Medicaid identification numbers, dates of admission to the Crisis Observation Center and discharge locations. Officials do not have any evidence the information has been misused.
Polk County Health Services has added computer security protections and protocols, as well as re-educated it's staff on maintaining health privacy, to prevent a similar situation in the future. It is also providing affected individuals free credit monitoring for one year.
Becker's Hospital Review reached out to Polk County Health Services for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
Former Berkeley Medical Center employee owes $22k after stealing patient data
US, UK issue joint alert on alleged Russian state-sponsored cyberattacks
63% of organizations that have suffered a data breach implement biometric authentication: 5 things to know