Shore Speciality Consultants Pulmonology Group notified 9,700 patients in breach notification letters that their protected health information (PHI) may have been compromised. On July 8, 2019 the Group discovered that their network server was accessed by an unauthorized individual on July 7, 2019. The affected patients were part of sleep studies, patients that did not participate in a sleep study were not affected.
Although there was no evidence that PHI was accessed or stolen, compromised data included patient names, dates of birth, and information in relation to the sleep study they participated in. Patient financial information and Social Security numbers were not compromised. Shore Speciality Consultants Pulmonology Group recommends that patients affected by the breach review their healthcare statements.
The pulmonology group is reviewing their organization’s policies and procedures to ensure that a similar incident does not occur in the future. Additionally, they are retraining employees and revamping their security measures.
Limiting the Risk of a Healthcare Breach
Healthcare breaches are occurring with increased frequency, having affected more than 1.9 million individuals in the month of September. As such organizations working in healthcare must be vigilant in their efforts to secure PHI. The Department of Health and Human Services (HHS) recommends that any organization working with PHI implement the following ten cybersecurity practices:
- Email protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
Not only are healthcare breaches costly, they also do damage to an organization’s reputation. The HHS “wall of shame” documents breaches including the organization that was breached, the date of the breach, how many patients were affected, and the nature of the breach. Organizations that implement robust cybersecurity tools will limit the risk of experiencing a healthcare breach thus protecting their reputation and their wallets.
