Email Accounts of Primary Health Care Employees Hacked Compromising Patients PHI

Malicious persons accessed the email accounts of four employees working in Primary Health Care Inc., which is a non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA. The unauthorized persons may have viewed or stolen the protected health information (PHI) of Primary Health Care patients.

On March 16, 2018, Primary Health Care issued a press release and posted a substitute breach notice on its official website. The announcement explained that the breach happened on February 28, 2017 and was discovered the next day on March 1, 2017. Primary Health Care is working on the notification letters to be issued to the patients affected by the data breach. The breach notification report will be submitted to the Department of Health and Human Services’ Office for Civil Rights as well. It was not explained why it took Primary Health Care one year to report the breach incident.

Upon discovery of the breach, Primary Health Care took immediate action and terminated access to the employees’ email accounts. A third-party computer forensics expert investigated the incident and found that the attacker gained access to the four email accounts and the associated Google Drives. However, he was not able to determine if the attacker opened any email or viewed any PHI.

The email accounts were found to contain the patients’ names, Social Security numbers, driver’s license numbers, medical histories, diagnoses, treatment details, health insurance information, credit/debit card numbers, financial account numbers, facilities and providers visited, dates of services and Medicaid numbers (in some cases). Primary Health Care did not receive any report or evidence that suggests the misuse of information. Nevertheless, patients whose PHI was affected got offers of free identity theft protection services for 12 months via AllClear. Primary Health Care also has plans of adding security measures to protect the privacy of the patients’ information and prevent data breaches in the future.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.