PHI Compromised in Security Breaches at Georgia Pines CSB and Ballad Health

Georgia Pines CSB and Ballard Health recently reported security breaches that affected the protected health information (PHI) of 28,295 people.

Ballad Health Finds Breach Involving Employee Email Account

Ballard Health, an integrated community health improvement group located in the Appalachian Highlands in Northeast Tennessee, Northwest North Carolina, Southwest Virginia, and Southeast Kentucky, has lately reported that an unauthorized person obtained access to the email account of an employee.

The organization detected suspicious activity in an employee’s email account on or around January 13, 2022. With prompt action, the email account was made secure. A forensic investigation followed to find out the nature and extent of the breach. It was confirmed on February 17, 2022 that the unauthorized person accessed the email account for a short time and might have viewed or obtained data in the account.

An evaluation of the email messages in the account affirmed on March 16, 2022 the inclusion of the PHI of 4,295 individuals. The compromised information includes names, birth dates, medical backgrounds, medical ailments, treatment data, medical record numbers, patient account numbers, and diagnosis codes. It wasn’t possible to ascertain which email messages, if any, were viewed or acquired.

Ballard Health stated it is going to continue educating the employees on the great importance of security protocols that employees must take to secure its email system.

Theft of Laptops from Georgia Pines Community Service Board

Two laptop computers that contain the PHI of about 24,000 patients had been stolen during a break-in at Georgia Pines Community Service Board (CSB) which happened sometime between April 6, 2022 and April 7, 2022. Georgia Pines CBS personnel found out about the break-in at its main campus on April 7, 2022.

The laptops stored files that contained PHI for instance names, addresses, health records, and Social Security numbers. There was no proof found that suggests unauthorized persons viewed or misused any data on the laptops, however unauthorized access and data misuse can’t be ruled out.

The CSB sent notification letters to affected persons starting on April 7, 2022.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA