BJC HealthCare, a not-for-profit healthcare company located in St. Louis, MO, has begun informing a number of patients that an unauthorized individual accessed some of their protected health information (PHI) that was kept in email accounts.
The investigation affirmed that some email accounts of doctors and general professionals were accessed from March 4 to March 28, 2022. Though the forensic investigation didn’t find any proof that emails and attachments were accessed or duplicated, unauthorized access of information and theft cannot be eliminated.
An extensive analysis of the email accounts affirmed that they comprised names, birth dates, medical record numbers, and clinical details like performance schedules, diagnoses, names of providers, and/or treatment facilities. A few patients likewise had their medical insurance details, Social Security numbers, and/or driver’s license numbers exposed.
People whose Social Security number or driver’s license number is exposed may get the free credit monitoring and identity theft protection services being offered.
The breach is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is at the moment uncertain how many persons were affected.
Cooper University Health Care Email Incident
Cooper University Health Care based in Camden, NJ reported on May 25, 2022, that an unauthorized person accessed the email account of a staff member on November 24, 2021. The provider detected the security incident on December 13, 2021, and had it investigated which ended on May 10, 2022.
The email account included data including names, birth dates, medical specialist names, diagnosis and treatment data, billing and claims data, and health record numbers. There is no evidence found that suggests the actual or attempted misuse of patient information during the time of sending notification letters.
The email account breach is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently not clear how many persons were impacted.