Multnomah County Health Department suffers potential data breach

The Multnomah County Health Department issued a statement regarding the possible breach of personal health information due to improper email practices by an employee.

In August 2012, a department employee began automatically forwarding all emails received in the employee's professional email account to a personal Google email account not maintained by the county. Some of these emails included protected health information.

County personnel discovered the incident on Nov. 22, 2016, as part of a random audit. The county conducted an investigation and found that the health information disclosed may have included first and last names, medical record numbers, medication names, prescription numbers, diagnoses, dates of service and/or ages. However, none of the messages in the employee's personal email account appear to have been accessed, and there is no indication that any Social Security numbers, home addresses or phone numbers were disclosed.

Additionally, the personal email account was deleted and is no longer accessible to the employee.  

"We believe there is a low risk that your information was further disclosed," a department notice read. "However, the personal email account is maintained by Google and not the county."

The county is responding to the breach by reviewing controls, business practices and policies to increase protections.

More articles on health IT:
12 HIT experts join inaugural National MACRA Advisory Council
4 things to know about IBM's security assistant research project, Havyn
CDC Foundation, Anthem unveil education app to decrease birth defects

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months