April 20, 2018
An incorrectly configured safety setting on a radiology interface has led to the disclosure of tens of thousands of patients’ protected health files.
A multi-specialty doctors’ organization situated in Middleton, NY, Middletown Medical, first detected the misconfigured safety setting on January 29, 2018.
The next day the interface was reconfigured to make sure illegal people might not access patient information. It is unclear how long patient data remained accessible. Middletown Medical says just a limited number of patients’ protected health information might have been gotten by illegal people.
Extremely confidential details including Social Security numbers, financial data, and insurance information were not retrieved. The breach was limited to names, client identification numbers, birthdays, verification that radiology facilities had been received by customers, and the dates those facilities took place. A small number of patients also had radiology images diagnosis codes, and radiology reports obtained.
After finding the breach, Middletown Medical looked over its procedures and policies and applied additional security measures to make sure the secrecy of documents containing protected health information. Extra training has been given to workforce on safeguarding data storage systems and changes have been applied to interfaces to make sure all information remains protected.
No signs of abuse of protected health information have been found even though, as a safety measure, all patients affected by the breach have been presented free identity theft recovery facilities for one year and have been informed to carefully check their account statements and Explanation of Benefits statements for any indication or fake behavior.
The data breach summary filed to the Division of Health and Human Services’ Office for Civil Rights (OCR) indicates up to 63,551 patients had their protected health information retrieved, making this one of the biggest healthcare safety occurrences to be reported thus far in 2018.