The employee sent unencrypted files to a personal email address five times between Oct. 10, 2014 and Oct. 19, 2015. Employee information in the files includes names, Social Security numbers, home addresses and phone numbers. Client information includes names, birthdates, genders, medical identification numbers, therapist names and rehabilitative therapist names.
Hillsides fired the employee, but has been unable to recover the data files from the personal email account. The agency has no evidence any personal information was disclosed or misused at this time.
“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,” said Hillsides CEO Joseph M. Costa. “We will continue to investigate the incident, to reduce harm to potentially affected individuals and to protect against future similar occurrences.”
More articles on data breaches:
Boston Medical Center could face lawsuit for patient data breach
ProPublica launches HIPAA Helper database to search breaches by providers
Stolen laptop prompts breach notification at Texas rehabilitation hospital
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
