PHI of Patients Exposed at BayCare Clinic, Rhode Island Department of Health, and Satellite Healthcare Data Breaches

BayCare Clinic Reported Data Breach Related to Pixel

The healthcare provider BayCare Clinic, LLP based in Wisconsin lately reported that the protected health information (PHI) of around 134,000 patients was impermissibly disclosed to unauthorized third parties due to the usage of pixels by its associate, Advocate Aurora Health. According to Advocate Aurora Health recently, a pixel-associated data breach impermissibly disclosed the personal data and PHI of around 3 million patients to third parties including Meta and Google. The impermissible disclosures happened when people visited its webpage and patient portal while they are still logged in their Facebook or Google accounts.

The affected types of data depended on users’ activities in the LiveWell and MyChart web pages and apps, which could have involved these types of information: IP address, times, dates, and/or areas of booked visits, distance to a practice location, provider details, type of visit or treatment, whether the patient had insurance plan, communications involving the patient and other people using MyChart, which could have included first and last names and health record numbers, and if the user got a proxy MyChart account, in that instance the first and last name of the proxy could have been exposed.

Advocate Aurora Health has taken away the pixels and will impose stricter inspections on all tracking technologies in the future.

Internal Data Breach at Rhode Island Department of Health

The Rhode Island Department of Health (RIDOH) has reported an internal impermissible disclosure of patient data. RIDOH discovered the breach on October 21, 2022. It was confirmed by the investigation that patient data was impermissibly exposed from July to October 2022. A clickable link to a spreadsheet was included in email messages sent to workers and the spreadsheet included data regarding the people who were getting food deliveries during their isolation or quarantine at the time of the COVID-19 pandemic. The spreadsheet included details like names, addresses, telephone numbers, household details, delivery data, and details concerning the particular food requirements of those people.

File access was quickly limited upon discovery of the issue. A scan was done on email accounts to find out if the emails were disclosed. RIDOH stated it does not know of any misuse of the compromised data. Steps were since undertaken to stop more disclosures of this type, which include giving employees more training about the management of sensitive data. Roughly 8,800 persons were impacted.

Satellite Healthcare Breach Affected 95,000 Patients

Satellite Healthcare located in San Jose, CA has lately announced a breach of the sensitive data of 95,128 individuals to the Texas Attorney General. Twenty-two Texas residents were affected. There is a little information available about the breach at this period since the breach is not yet posted on the webpage of the California attorney general and there is no information on the healthcare company’s site.

The breach impacted PHI like names, health details, medical insurance data, and financial data. Notifications were provided to impacted persons via mail. Satellite Healthcare was asked for more details about the breach, however, no instant response was gotten.

 

About Christine Garcia 1201 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA