May 12, 2018
Capital Digestive Care, a Silver Spring, MD-situated gastroenterology group has disclosed that one of its business associates shared records to a commercial cloud server that did not have correct safety controls, disclosing the protected health information of up to 17,639 customers.
This protected health information was brought to the attention of Capital Digestive Care on February 23, 2018 and action was swiftly taken to protect the records and get rid of additional illegal access.
An analysis into the secrecy breach was started to decide the kinds of files that had been disclosed and the number of patients affected.
The inquiry indicated that some confidential data had been disclosed, even though the breach was kept to people that had logged on to its website and shared info through the Schedule a Visit and Contact pages on the website.
The range of information disclosed was limited to names, addresses, telephone numbers, email addresses, and birth dates. Patients might also have had a small amount of health information retrieved. The login page to the patient portal and the Pay a Bill pages were not affected, so no financial information was gotten. No patient accounts were retrieved and Social Security numbers and electronic health records remained secure all the time.
Capital Digestive Care has taken additional steps to avoid breaches of protected health information going forward. All third-party vendors should now verify compliance with HIPAA Security Rule provisions pertaining to the safe storage of private information.
All patients affected by the occurrence have been warned by post and given information on checking and safeguarding their private data.
It is not clear for how long patient files were disclosed and how many illegal people saw the patient information.
Capital Digestive Care has not been contacted with any reports suggesting that the disclosed information has been downloaded by illegal people.