May 12, 2018
Capital Digestive Care, a Silver Spring, MD-based gastroenterology group has disclosed that one of its business partners shared files to a commercial cloud server that did not have correct safety controls, showing the protected health information of up to 17,639 clients.
This PHI was conveyed to the consideration of Capital Digestive Care on February 23, 2018 and action was swiftly taken to protect the files and remove more illegal access.
An analysis into the secrecy breach was started to decide the kinds of files that had been displayed and the number of patients impacted.
The analysis demonstrated that some confidential data had been displayed, even though the breach was kept to persons that had logged on to its website and shared information through the Schedule a Visit and Contact pages on the website.
The range of information disclosed was limited to names, addresses, telephone numbers, email addresses, and birth dates. Patients might also have had a small amount of health information retrieved. The login page to the patient portal and the Pay a Bill pages were unchanged, therefore no financial information was obtained. No patient accounts were retrieved and electronic health records and Social Security numbers remained safe at all times.
Capital Digestive Care has taken further measures to avoid breaches of PHI going forward. All third-party sellers should now verify compliance with HIPAA Security Rule provisions pertaining to the safe storage of private information.
All patients impacted by the occurrence have been warned by mail and given information on checking as well as safeguarding their private data.
It is not clear for how long patient files were disclosed and how many illegal people saw patient information.
Capital Digestive Care has not been communicated with any reports meaning that the disclosed information has been downloaded by illegal people.